Cybercriminals are constantly changing the way malware is delivered. Phishing emails and text messages have been a popular technique recently.
But these types of attacks are less successful for criminals the more people become aware of them, which is why they’re always being modified. You won’t believe the sneaky way this new fast-spreading malware is being distributed. If your gadget is infected, your bank account could be drained.
We’re talking about a banking Trojan called Zeus Panda that is rapidly spreading across the globe. Researchers at Cisco say the malware is being spread through SEO (search engine optimization) poisoning.
Starts with SEO Poisoning
SEO poisoning sounds like a serious problem, and it is. Basically, hackers make a bunch of malicious websites on a certain topic and then trick Google into pushing the sites up near the top of the search results for that topic.
When you search for the topic, in this case, keywords dealing with financial institutions, you’ll have a good chance of running into one of those sites.
Once you land on the booby-trapped site, a malicious Word document is used to infect your gadget with banking malware.
The victim’s browser then receives an HTTP 302 response, which redirects it to another compromised site. There, a malicious Word document will be downloaded to the victim’s gadget.
You are then prompted to Open or Save the file. Once opened, a message asking you to “Enable Editing” and click “Enable Content” will appear. It looks like the following image:
Image: Example of malicious Word document. (Source: Cisco)
By following these instructions, you’re enabling macros that are embedded in the Word document. This is where the victim’s gadget is infected with the banking malware, Zeus Panda. It’s designed to help criminals behind the attack steal your banking and other critical credentials.
The best defense against this attack is to NOT click on links to financial institutions through an online search. Instead, type the bank’s web address directly into your browser to make sure you’re not headed to a malicious site. Keep reading for more ideas on keeping your banking credentials secure.
Turn off this feature in Word
Typically, malicious Word documents are sent through phishing emails. You should never download PDF, Word or Excel files attached to unsolicited emails, to begin with.
With Zeus Panda, the Word document is delivered through a malicious site that comes up via online search. If you do open one of these documents and it says that you need to turn on macros, close the file and delete it immediately.
Your best bet is to turn off the ability to use macros in Word. Make sure you’re using strong antivirus software on all of your gadgets. And keep them up-to-date for the best protection. This is the best way to keep your device from being infected with malware.
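To go with the advice above about documents that ask you to turn on macros, here is an added example (not from Cisco or the original article) that checks a downloaded Office file for an embedded macro project before anyone opens it. The function names and sample files are constructed for illustration, and the check for older .doc files is a byte-search heuristic.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")    # header of legacy .doc/.xls files
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # stream name inside a VBA project


def classify_office_file(data: bytes) -> str:
    """Return 'macros', 'no-macros' or 'not-office' for a downloaded file's bytes."""
    if data.startswith(OLE_MAGIC):
        # Heuristic: legacy files store their stream names as UTF-16LE text,
        # so a VBA project leaves this name visible in the raw bytes.
        return "macros" if VBA_STREAM in data else "no-macros"
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            names = [name.lower() for name in archive.namelist()]
        if "[content_types].xml" not in names:
            return "not-office"  # an ordinary zip, not a .docx/.docm
        # Macro-enabled Word files carry the VBA code in a vbaProject.bin part.
        has_vba = any(name.endswith("vbaproject.bin") for name in names)
        return "macros" if has_vba else "no-macros"
    return "not-office"


def build_sample_ooxml(with_macro: bool) -> bytes:
    """Build a constructed, harmless stand-in for a Word file (no real VBA inside)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<document/>")
        if with_macro:
            archive.writestr("word/vbaProject.bin", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in [("plain", build_sample_ooxml(False)),
                        ("macro-enabled", build_sample_ooxml(True))]:
        print(label, "->", classify_office_file(blob))
```

A "no-macros" result only means no macro project was found; it does not mean the file is safe to open.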
One security setting to always turn on
Two-factor authentication, also known as two-step verification, means that to log in to your account, you need two ways to prove you are who you say you are. It’s like the DMV or bank asking for two forms of ID. This adds an extra layer of security and should be used whenever a site makes it available.
Know the rules
Many people use the same password for multiple websites. This is a terrible mistake. If your credentials are stolen on one site and you use the same username and/or password on others, it’s easy for the cybercriminal to get into each account.