Source: Help Net Security
In this article “With critical business services migrating to the cloud, service providers have become a prime target for cybercriminals. In the latest example of financial malware targeting enterprises, Trusteer has discovered a Zeus attack that focuses on cloud payroll service providers.
These attacks are designed to route funds to criminals, and bypass industrial strength security controls maintained by larger businesses.
Trusteer researchers have captured a Zeus configuration that targets Ceridian, a Canadian human resources and payroll solutions provider. In this attack, Zeus captures a screenshot of a Ceridian payroll services web page when a corporate user whose machine is infected with the Trojan visits this website. This allows Zeus to steal the user id, password, company number and the icon selected by the user for the image-based authentication system.”