Hackers are going after British Christmas shoppers' credit card data, using the Zeus Panda banking Trojan. In most cases, hackers inject banking malware code of variants like Zeus Panda (aka Panda Banker) onto targeted banking sites, to harvest victims' banking credentials and credit card information.
However, security researchers observing the evolution of banking malware campaigns say that hackers have now begun injecting such malicious code into online payment sites, retailers' sites, casinos and more.
According to security researchers at Proofpoint, who uncovered the recent Zeus Panda malware campaign, hackers have been targeting holiday shoppers since November, capitalising on the Thanksgiving, Black Friday and Cyber Monday shopping sprees.
The hackers behind the malware have injected malicious code onto popular online shopping sites such as Zara, as well as travel sites, video streaming sites and more. The malware has been designed to steal victims' addresses, phone numbers, dates of birth, credit card information, social security numbers and security-related data such as mother's maiden name.
Proofpoint researchers say that the first campaign they observed, in November, targeted Canadian companies right before Thanksgiving, but that in December hackers began targeting UK firms. Researchers also warned that victims infected with Zeus Panda are often unaware of having been targeted by hackers, as the malware conducts man-in-the-middle attacks to surreptitiously steal credit card information.
Proofpoint researchers recommend that companies and holiday shoppers use VPNs to avoid falling victim to such holiday-themed attacks.
"The timing and specific injects of these recent attacks are clearly focused on online holiday shoppers, travelers, and holiday activities, with far more retail-related and other non-banking injects than we normally associate with a banking Trojan attack," Proofpoint researchers said in their blog. "During the holidays, when many users will be traveling or using corporate devices from home, requiring the use of a VPN can ensure that computers are protected and banking Trojan-related traffic can be detected and blocked whether or not a user is physically in the office."