HPmal/Zbot-C
Threat Scorecard
Threat Level: 90% (High)
Infected Computers: 2
First Seen: January 29, 2013
Last Seen: November 1, 2021
OS(es) Affected: Windows
HPmal/Zbot-C is a variant of the Zbot Trojan that steals information from financial institutions based in Canada, including a company that processes payments from point-of-sale devices and credit and debit cards. HPmal/Zbot-C collects login credentials entered into forms and embeds code into the websites so that affected PC users are prompted to give more information, such as answers to secret questions, PIN numbers and mother's maiden name. HPmal/Zbot-C captures the screen, grabs form fields and logs keystrokes to collect information on the targeted computer system. A screenshot is taken each time the PC owner clicks the left mouse button while browsing the payment processing website.
Each screen capture is concentrated on the point where the mouse button was clicked and is sent back to the botnet owner. Form data, including usernames and passwords, is also collected and sent back. The configuration files of HPmal/Zbot-C also contain a section called 'Keylogger processes' that lists the processes from which keystrokes will be logged. Every time the owner of the affected computer enters usernames, passwords and card details into one of these software products, all the keystrokes are sent back to the botnet owner. Alongside software products used for remote access, including SCP, PuTTY, GoToMyPC, VNC and pcAnywhere, the list contains process names such as '*pos*', '*store*', '*sales*' and '*merchant*' that are possibly related to processing payment card data. HPmal/Zbot-C also corrupts financial software products such as QuickBooks and Sage.
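The wildcard process names quoted above are broad, so a defender scoping exposure can check which processes in an inventory they would cover. The following is an added example, not code from this page or from EnigmaSoft; case-insensitive matching on the executable file name is an assumption, and every host name and path in the sample inventory is constructed.

```python
from fnmatch import fnmatchcase
from pathlib import PureWindowsPath

# Wildcard entries quoted on this page from the 'Keylogger processes' section.
KEYLOGGER_PATTERNS = ["*pos*", "*store*", "*sales*", "*merchant*"]

# Constructed inventory (host, image path); not data from a real environment.
SAMPLE_INVENTORY = [
    ("TILL-01", r"C:\Program Files\ShopSuite\PosTerminal.exe"),
    ("TILL-01", r"C:\Windows\System32\svchost.exe"),
    ("BACKOFFICE-02", r"C:\Apps\MerchantPortal.exe"),
    ("BACKOFFICE-02", r"C:\Tools\SalesReport.exe"),
    ("DB-03", r"C:\pgsql\bin\postgres.exe"),
    ("WS-04", r"C:\Windows\System32\notepad.exe"),
]


def matching_patterns(image_path, patterns=KEYLOGGER_PATTERNS):
    """Return the patterns that match the process file name.

    Assumption: matching is case-insensitive and applies to the file name only.
    """
    name = PureWindowsPath(image_path).name.lower()
    return [p for p in patterns if fnmatchcase(name, p.lower())]


def hosts_in_scope(inventory, patterns=KEYLOGGER_PATTERNS):
    """Map each host to {process name: matched patterns} for in-scope processes."""
    exposed = {}
    for host, image_path in inventory:
        hits = matching_patterns(image_path, patterns)
        if hits:
            name = PureWindowsPath(image_path).name
            exposed.setdefault(host, {})[name] = hits
    return exposed


if __name__ == "__main__":
    for host, procs in sorted(hosts_in_scope(SAMPLE_INVENTORY).items()):
        for name, hits in procs.items():
            print(f"{host}: {name} matches {', '.join(hits)}")
```

In the sample, `postgres.exe` is flagged by `*pos*` even though it has nothing to do with payments, which shows that these patterns also cover unrelated software whose keystrokes would be logged.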