NEW YORK (MainStreet) Keyboard Cat could be hacking your bank account.
Sharing pictures and videos of cats seems to be a primary function of the Internet. Research by British mobile network Three reports that more than twice as many people share pictures of cats than selfies. And we know how many selfies there are out there. In Britain alone, more than 3.8 million pictures of cats are shared each day, compared to just 1.4 million selfies. But Grumpy Cat could be a part of a nefarious plan to separate you from your money.
French security researcher Xylitol has discovered the Zeus/Zbot Trojan malware, the malicious software that has plagued banks for years, hidden inside of photos. The code uses the images to cloak its configuration file which, when retrieved and executed, can infect a web browser and trigger invisible transactions.
Known as ZeusVM, the Trojan malware lurks undetected until an unwitting user loads their banking website. Then, the code comes to life, acting as an unseen "man-in-the-middle." The Trojan can execute transactions in the account without detection because the customer has been properly authenticated. Money transfers can be initiated as the malware simultaneously covers its tracks so that the real user remains totally unaware of the ongoing hack. The bank sees all of the online activity as customer generated and completely valid.
Jerome Segura, senior security researcher for Malwarebytes, says steganography -- the act of hiding information in plain sight -- is an ancient and time-tested method of deception.
"In ancient Greece, secret instructions carved on wood were covered with wax where an innocent message would fool any outsider. In that regard, the bad guys aren't really innovators per se, they are just applying old tricks to modern technology," Segura says in a blog post.