
ZeuS.Maple

Posted: June 11, 2014

Threat Metric

Threat Level: 9/10
Infected PCs: 16
First Seen: June 11, 2014
Last Seen: March 7, 2020
OS(es) Affected: Windows


ZeuS.Maple is an update to the banking Trojan ZeuS, also known as Zbot. It adds protection against various security solutions while continuing the bank account-hijacking attacks that ZeuS is so well known for. Because these updates make an already advanced, high-level threat even more threatening, malware researchers urge you to use updated anti-malware products and safe Web-browsing behavior to prevent ZeuS.Maple infections and, when called for, to remove ZeuS.Maple before it may pilfer any sensitive data.

ZeuS.Maple: the Spyware that's not So Sweet to PC Security Companies

One recurring PC threat that malware researchers have had to deal with is the Zeus Trojan, a banking Trojan that receives semi-regular updates to modify its capabilities, defenses and even, to some extent, its fundamental structure. Some notable variants of Zeus include Rootkit.Win32.Zbot.sapu (which was distributed via e-mail in fake Starbucks messages), the Zberp Trojan (a fusion of Zeus and Carberp) and TSPY_ZBOT.PN. ZeuS.Maple is one of the newest variants of Zeus and seeks to add even more PCs to the millions that are already part of the Zeus botnet.

All versions of Zeus are defined in part by their ability to monitor your Web-browsing activities for bank website-related actions, which they do by injecting their code into the browser. Anti-malware products can remove Zeus and then undo the browser changes that enable these 'man in the middle' attacks, which collect bank account data and other information. ZeuS.Maple, however, has an additional feature that allows it to reinfect a restored Web browser.

Some other advantages that ZeuS.Maple carries include:

  • ZeuS.Maple uses a more secure encryption method than past versions of Zeus (AES-128 instead of RC4). Data encryption may conceal ZeuS.Maple from security programs trying to detect it.
  • The original ZeuS.Maple is placed in a preexisting AppData directory on your hard drive, which makes it closely resemble a non-hostile program, again interfering with security solutions.
  • ZeuS.Maple also uses Visual Basic-based data compression to reduce its size and hide its body. As with its other updates, this is targeted at thwarting PC security companies, rather than changing how ZeuS.Maple behaves towards its victims.
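
As an added example (not code from the original article or from any anti-malware product), the following Python triage check targets the second trait above: an executable that appears in an AppData folder long after the rest of that folder's contents. The function names, the 30-day threshold, the use of modification time and the sample folder name ExampleApp are assumptions made for illustration; a hit is a lead for review, since legitimate updaters also add new files to old folders.

```python
import os
import time

DAY = 86400

def is_pe(path):
    """True if the file starts with the 'MZ' magic used by Windows executables."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False

def late_arrivals(appdata_root, min_gap_days=30):
    """Return (path, gap_days) for executables much newer than the oldest file
    in their folder, i.e. dropped into a folder that already existed."""
    hits = []
    for dirpath, _dirs, files in os.walk(appdata_root):
        stamps = {}
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                stamps[full] = os.stat(full).st_mtime  # assumption: mtime, not creation time
            except OSError:
                continue  # vanished or unreadable
        oldest = min(stamps.values(), default=0)
        for full, mtime in stamps.items():
            gap = (mtime - oldest) / DAY
            if gap >= min_gap_days and is_pe(full):  # content check, extension ignored
                hits.append((full, round(gap)))
    return sorted(hits)

def build_constructed_sample(root):
    """Constructed test tree: an old application folder plus one late PE file."""
    now = time.time()
    app = os.path.join(root, "Roaming", "ExampleApp")  # hypothetical folder
    os.makedirs(app)
    layout = {"settings.ini": (b"[ui]\n", 400), "helper.exe": (b"MZ\x90\x00", 400),
              "cache.dat": (b"MZ\x90\x00", 2)}  # executable content behind .dat
    for name, (data, age_days) in layout.items():
        path = os.path.join(app, name)
        with open(path, "wb") as fh:
            fh.write(data)
        os.utime(path, (now - age_days * DAY,) * 2)
    return app

if __name__ == "__main__":
    for path, gap in late_arrivals(os.environ.get("APPDATA", ".")):
        print(f"{gap:>5} days newer than folder contents: {path}")
```

On the constructed tree, only `cache.dat` is reported: it carries executable content and is 398 days newer than the files it sits beside, while the equally old `helper.exe` is not flagged.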

Apart from these details of interest to anti-malware experts, ZeuS.Maple also includes all of the expected attack features that allow it to give third parties access to your computer and, in due course, total control over it. Sensitive data is especially vulnerable to theft by ZeuS.Maple.

Outsmarting the Banking Trojan that Grows Anew with Each Version

Just like some maple trees, which have lifespans of a century or more, ZeuS.Maple is an example of an enduring PC threat that continues to be both profitable for cybercrooks and threatening to even the most harmless of Web surfers. Spam links, including both e-mail and social network-based ones, are some of the favorite means of distributing Zeus, but malware experts warn that ZeuS.Maple can also be installed by other methods. Since Zeus's source code is in underground circulation and many people are happy to use it to develop variants like ZeuS.Maple, keeping your anti-malware tools updated can be the best protection against this banking Trojan that you can get.

ZeuS.Maple should not be assumed to show any symptoms related to its attacks, although it may redirect your browser to phishing sites and other hostile domains. Considering the sophistication of its self-defensive functions, malware researchers certainly wouldn't recommend deleting ZeuS.Maple without updated and dependable anti-malware tools, any more than they'd advise you to continue using passwords that ZeuS.Maple's attacks might leak.

Technical Details

Additional Information

The following URLs were detected:
62.76.190.115