Dropbox users are getting faux password reset emails that can infect a victim’s computer with Zeus malware.
The new Zeus campaign, uncovered by cloud security provider Appriver, tries to stop users checking if their old password works by listing it as “dangerous.”
“A new campaign just started up involving some fake Dropbox password reset emails. The emails come in with a sad computer face claiming the recipient has requested a password reset and their old password is now ‘dangerous’,” the report said.
“The email itself contains a link that, when clicked, leads the user to a page saying their browser is out of date and they need to update it,” the report said. “Clicking anything in the linked notification page downloads a file ieupdate.exe. The file is a Trojan that is part of the Zeus family.”
Dropbox released a statement saying it has taken action to try and deal with the scam.
Zeus is a banking Trojan family of malware that has been in security environment for some time. The malware steals victims’ financial information. In May, McAfee reported Zeus and its variants account for 57.9 percent of all botnet infections.
The Appriver researchers reported tracking the latest Zeus campaign to 54 unique domains, all of which were at the dynamooblog.ru web domain in Russia.