Phishing for passwords with malware

Reports from the Target breach investigation continue to trickle in, with Brian Krebs now citing multiple sources close to the investigation who have traced the initial compromise to login credentials stolen through a phishing email.

Last week, we discussed how attackers can steal credentials without using malware through data-entry phishing. While that technique is common and highly effective, the latest report on Target alleges that Citadel, a password-stealing derivative of the ZeuS banking Trojan, was responsible for stealing login credentials from Target vendor Fazio Mechanical, giving attackers the foothold they needed in Target’s network.