Beware of Zusy malware!

Zusy malware is a banking Trojan that uses man-in-the-middle attacks to steal bank information. It is a spin-off of the well-known Zeus banking Trojan, from which Zusy takes its name, although Zusy is also known as TinyBanker, Tinba, and Zegost. But ‘what’s in a name’, right? Especially when you’re referring to malware that packs a powerful punch no matter what it’s called. And that’s exactly what Zusy malware does. Its goal is to steal money from online bank accounts and gather personal information from its victims, such as their passwords, banking credentials, and social security numbers.

How it infiltrates devices

The original version of Zusy works by injecting itself into Windows processes such as explorer.exe and winver.exe so that when victims of the malware visit a financial services website, a fake form is displayed that tricks them into submitting personal information. The newer Zusy variant, however, can also infect a user’s device when the user simply hovers over a hyperlink in an infected PowerPoint document. The user doesn’t even have to click on the link for the malware to execute; simply hovering over it with the mouse will do. The PowerPoint attachment is commonly spread through spam emails with subject lines like “Order Confirmation” or “Purchase Order Number”. Furthermore, newer versions of Zusy also have the ability to steal information by spying on webcams and can convert your computer into a zombie machine controlled by the cyber criminal. In addition, Zusy malware is quite small compared to other malware, which makes it harder to detect once it does infect a device. Zusy’s small size, however, does not by any means diminish the damage it’s capable of causing.
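For defenders triaging attachments like the one described above, this added example (not part of the original article) lists every mouse-over hyperlink action in a .pptx file. It assumes the hover trigger is stored as the DrawingML `hlinkMouseOver` element with a `ppaction://program` action; the function names and the sample deck are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

A = "{http://schemas.openxmlformats.org/drawingml/2006/main}"
R = "{http://schemas.openxmlformats.org/officeDocument/2006/relationships}"
REL = "{http://schemas.openxmlformats.org/package/2006/relationships}"

def parse_part(data):
    # OOXML parts never need a DTD; refusing one avoids entity-expansion tricks.
    if b"<!DOCTYPE" in data:
        raise ValueError("DTD in OOXML part")
    return ET.fromstring(data)

def find_hover_actions(pptx_bytes):
    """List every mouse-over hyperlink action in the slides of a .pptx."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(pptx_bytes)) as z:
        names = set(z.namelist())
        for part in sorted(n for n in names
                           if n.startswith("ppt/slides/") and n.endswith(".xml")):
            rels = {}  # relationship id -> (target, target mode) for this slide
            rel_part = "ppt/slides/_rels/" + part.rsplit("/", 1)[1] + ".rels"
            if rel_part in names:
                for rel in parse_part(z.read(rel_part)).iter(REL + "Relationship"):
                    rels[rel.get("Id")] = (rel.get("Target"), rel.get("TargetMode"))
            for el in parse_part(z.read(part)).iter(A + "hlinkMouseOver"):
                action = el.get("action", "")
                target, mode = rels.get(el.get(R + "id"), (None, None))
                findings.append({
                    "slide": part, "action": action, "target": target,
                    "runs_program": action.startswith("ppaction://program"),
                    "external": mode == "External",
                })
    return findings

def build_sample(hover):
    """Constructed test deck: only the two parts the scanner reads."""
    link = ('<a:hlinkMouseOver r:id="rId2" action="ppaction://program"/>'
            if hover else '<a:hlinkClick r:id="rId2"/>')
    slide = ('<p:sld xmlns:p="http://schemas.openxmlformats.org/presentationml/2006/main" '
             'xmlns:a="%s" xmlns:r="%s"><a:rPr>%s</a:rPr></p:sld>' % (A[1:-1], R[1:-1], link))
    rels = ('<Relationships xmlns="%s"><Relationship Id="rId2" Type="hyperlink" '
            'Target="placeholder-target" TargetMode="External"/></Relationships>' % REL[1:-1])
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("ppt/slides/slide1.xml", slide)
        z.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
    return buf.getvalue()
```

Mouse-over actions also have legitimate uses such as slide navigation, so `runs_program` and `external` are the fields to triage on.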

Why should businesses be worried?

Individual users and businesses need to be on the lookout for this dangerous malware, with small businesses being particularly vulnerable due to their tendency to mistakenly assume an attack won’t happen to them. Smaller businesses are also less resilient to cyber-attacks than larger businesses because they don’t have the resources to invest in cybersecurity and mitigation. Thus, when you consider that almost a third of the data breaches in 2020 involved small businesses, there’s real cause for concern. Moreover, banking Trojans, such as Zusy, are still ranked as a top cyber threat. Forbes.com lists Zusy, in particular, as one of the most rampant threats of 2020. 

And while this malware hasn’t been in the news as much as other malware lately, it would be naive to think it’s gone away. On the contrary, Zusy activity has escalated recently, and cybersecurity experts suggest that the quiet followed by renewed activity is by design. A clever tactic of cyber criminals is to let threats lie dormant for a period of time so that everyone forgets about them or thinks they’re no longer a threat. When that happens, organizations often start to relax and let their guard down a little on that particular threat, and that’s when the malware strikes, only it usually strikes even harder as a new and improved version. In fact, that’s exactly what Zusy did when it added the ability to capture video from your webcam. Zusy is not a malware you want to tangle with, so keeping it off your computer should be a priority.

Protecting your business 

The most important defensive measure you can take to keep Zusy, and any malware for that matter, off your business computers is to install reliable endpoint antivirus (AV) and anti-malware software that protects all of your business computers. The software should be backed by a powerful AV engine that is continuously updated with the latest virus signatures so it can perform Zusy malware analysis and detect the Trojan in time to prevent it from compromising your system. In addition, your AV software should provide webcam protection so Zusy and other malware cannot spy on your private webcam activity, as well as browsing protection to make sure you’re not browsing to malicious URLs or downloading malicious software. It should also have an unwanted software blocker to warn you away from downloading software from sketchy sites or from developers that can’t be trusted, as you never know what might be bundled with that software. Additionally, make sure your AV solution can protect you from social engineering attacks like phishing that try to trick you into opening emails with malicious attachments.

What’s in a name?

Zusy, TinyBanker, Tinba, Zegost: whatever you call it, it is a nasty piece of malware that is used not only to steal money but also to steal personal information. Regardless of name or size, it packs a mighty punch. Having a reliable endpoint anti-malware solution is vital to protecting your computer from infections like Zusy.