Banking Trojan Steals Funds, Then Attempts to Hire Victims as 'Mules'
The latest variant of the Zeus Trojan attempts to hire people to move stolen money to offshore accounts.A group of criminals using the popular Zeus banking Trojan have started advertising for accomplices, displaying ads for job scams whenever the victim visits a popular job site, financial security firm Trusteer said on June 13. Typically, victims whose computers are infected with Zeus have to worry about their bank accounts being drained. Yet if a victim visits the popular job site CareerBuilder.com, some variants of Zeus will also display an ad for a job with a fraudulent company, Trusteer stated in a blog post. In reality, the job is to help criminals transfer stolen cash to another country or cash out goods bought with stolen funds—in other words, a "money mule." Finding people to help—usually unwittingly—is an ongoing challenge for criminals, but a critical need. Without money mules, cyber-criminals would have a very hard time moving stolen money, Etay Maor, fraud prevention solution manager with Trusteer, told eWEEK. "Money mules are always a scarce resource and whenever criminals do recruit them, they keep a pretty good eye on them," he said. "At the end of the day, you really can't cash out unless you have a mule."
When cyber-criminals compromise a consumer's computer and access his or her bank account, they need somewhere to transfer the money. Most often, they transfer it to the accounts of one or more money mules, who then transfer it to an offshore account. When law enforcement track down the money mules, the criminals have typically already broken contact with them and so cannot be tracked.