Versions of the Zeus malware have begun harvesting log-in credentials for network appliances, according to researchers.
Security firm Trusteer has uncovered new code within certain Zeus configuration files that attempts to collect data from Citrix VPN tools.
The company said that the code appears to be specific to certain Zeus 2.0 installations, and instructs an infected machine to capture and transmit a screenshot of all mouse clicks whenever the text '/citrix/' appears in the browser's address bar.
"Citrix is aware that the Zeus trojan is targeting authentication credential harvesting in the use of Citrix products, along with the other enterprise products already specified in Zeus configuration files," said Kurt Roemer, Citrix chief security strategist.
"Citrix recommends that enterprise-grade anti-malware solutions are utilized on all endpoints to prevent infection and proliferation of the Zeus trojan and to generally protect against malware."
Researchers at Trusteer believe that the code is an attempt by a Zeus botnet operator to harvest account details from Citrix Access Gateway deployments by using screenshots to capture 'keystroke' images from virtual keyboards. The on-screen keyboards are typically used to thwart key-logging malware tools.
"This attack code clearly illustrates that Zeus is actively targeting enterprises, and specifically remote access connections into secure networks," Trusteer said.
"Fraudsters are no longer satisfied with simply going after bank accounts. They are also targeting intellectual property and sensitive information contained in company IT networks and applications."
Zeus has become increasingly popular among criminals for its ability to embed code directly into otherwise legitimate web pages.
Adding to the danger, the malware is easy to manage and older versions can be obtained for little to no cost. McAfee recently ran a demonstration designed to show the ease with which a malware botnet can be built and deployed.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago