A piece of malware called Win32.Ramnit, which has been known to security researchers for at least 18 months, has been repurposed to target online banking users, according to security firm Trusteer.
The malware has been altered to include the HTML-injection tactics made famous by Zeus. Ramnit modifies HTML files to intercept and harvest banking details from customers during transit, allowing the attack to occur during what is otherwise a normal, safe banking transaction.
Trusteer said that the attack is made particularly dangerous by the prevalence of Ramnit infections on the web. The company cited figures from Symantec suggesting that Ramnit is responsible for 17.3 per cent of all new malware infections.
The new attacks were blamed in part on the recent decision by the creators of Zeus to release the source code behind the attack tool, giving malware writers dangerous new tools.
"The metamorphosis of Ramnit into financial malware is a sign of things to come now that the Zeus source code has been made openly available to anyone on the internet," said Trusteer chief technology officer Amit Klein.
"Unlike the past, when financial institutions had to defend against a limited number of malware platforms, attacks can now come from virtually any malicious software program, old or new."
Security experts speculated in April that malware writers armed with the Zeus code could craft new attacks that borrow components and techniques from the infamous malware infection.
In fear of future shortage - or in preparation for its own electric car project?
New Spectre microcode patches released by Intel to fix security flaws in Skylake, Kaby Lake and Coffee Lake CPUs
But if you're running anything older you'll have to wait
Powered by servers based on Qualcomm's scalable 48-core Centriq 2400 10nm CPUs
Malware has been in circulation for more than a year