Malicious emails are in circulation claiming to contain an invoice from a Kitchen Appliance company, but instead contains the dangerous Zbot.
The threat known as Dyre was originally spotted by security firm CSIS and by PhishMe which also had uncovered the new malware earlier in June.
Back then, the threat was aimed at banks and other financial institutions, something very reminiscent of other banking Trojans such as Zeus and its variants.
But researchers discovered that the malware is now capable of capturing login credentials from Salesforce users by redirecting them through a phishing website.
Dyre will initially infect users through some form of social-engineering, typically with an email that contains a malicious attachment. Once on the system, the malware can act as a man-in-the-middle and intercept every single keystroke. To be clear, this is not a vulnerability with Salesforce or its website, but rather a type of malware that leverages compromised end-point machines.
A new variant of the Zeus/Zbot trojan, dubbed ZeusVM, is using images as a decoy to retrieve its configuration file, and waits to steal banking info.
Awareness and education about online dangers is essential but headlines like “Malware That Drains Your Bank Account Thriving On Facebook” instill fear while at the same time blame Facebook — something that may not be entirely justified.