{ "id": "6f626d3e-8ecd-43f6-ac92-1d1c1e10afee", "created_at": "2026-04-06T00:15:32.17481Z", "updated_at": "2026-04-10T13:12:28.963159Z", "deleted_at": null, "sha1_hash": "0b4a1d2a389de5e1092b56ccdb37417616d1055b", "title": "SpyEye Targets Opera, Google Chrome Users", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 105740, "plain_text": "SpyEye Targets Opera, Google Chrome Users\r\nPublished: 2011-04-26 · Archived: 2026-04-05 16:15:41 UTC\r\nThe latest version of the SpyEye trojan includes new capability specifically designed to steal sensitive data from\r\nWindows users surfing the Internet with the Google Chrome and Opera Web browsers.\r\nThe author of the SpyEye trojan formerly sold the crimeware-building kit on a number of online cybercrime\r\nforums, but has recently limited his showroom displays to a handful of highly vetted underground communities.\r\nKrebsOnSecurity.com recently chatted with a member of one of these communities who has purchased a new\r\nversion of SpyEye. Screenshots from the package show that the latest rendition comes with the option for new\r\n“form grabbing” capabilities targeting Chrome and Opera users.\r\nSpyEye component in version 1.3.34 shows form grabbing options for Chrome and Opera\r\nTrojans like ZeuS and SpyEye have the built-in ability to keep logs of every keystroke a victim types on his or her\r\nkeyboard, but this kind of tracking usually creates too much extraneous data for the attackers, who mainly are\r\ninterested in financial information such as credit card numbers and online banking credentials. Form grabbers\r\naccomplish this by stripping out any data that victims enter in specific Web site form fields, snarfing and recording\r\nthat data before it can be encrypted and sent to the Web site requesting the information.\r\nBoth SpyEye and ZeuS have had the capability to do form grabbing against Internet Explorer and Firefox for\r\nsome time, but this is the first time I’ve seen any major banking trojans claim the ability to target Chrome and\r\nhttps://krebsonsecurity.com/2011/04/spyeye-targets-opera-google-chrome-users/\r\nPage 1 of 2\n\nOpera users with this feature.\r\nAviv Raff, CTO and co-founder of security alert service Seculert, said that both SpyEye and ZeuS work by\r\n“hooking” the “dynamic link library” or DLL files used by IE and Firefox. However, Chrome and Opera appear to\r\nuse different DLLs, Raff said.\r\nThis strikes me as an incremental yet noteworthy development. Many people feel more secure using browsers like\r\nChrome and Opera because they believe the browsers’ smaller market share makes them less of a target for cyber\r\ncrooks. This latest SpyEye innovation is a good reminder that computer crooks are constantly looking for new\r\nways to better monetize the resources they’ve already stolen. Security-by-obscurity is no substitute for good\r\nsecurity practices and common sense: If you’ve installed a program, update it regularly; if you didn’t go looking\r\nfor a program, add-on or download, don’t install it; if you no longer need a program, remove it.\r\nSource: https://krebsonsecurity.com/2011/04/spyeye-targets-opera-google-chrome-users/\r\nhttps://krebsonsecurity.com/2011/04/spyeye-targets-opera-google-chrome-users/\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA", "Malpedia" ], "origins": [ "web" ], "references": [ "https://krebsonsecurity.com/2011/04/spyeye-targets-opera-google-chrome-users/" ], "report_names": [ "spyeye-targets-opera-google-chrome-users" ], "threat_actors": [], "ts_created_at": 1775434532, "ts_updated_at": 1775826748, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/0b4a1d2a389de5e1092b56ccdb37417616d1055b.pdf", "text": "https://archive.orkl.eu/0b4a1d2a389de5e1092b56ccdb37417616d1055b.txt", "img": "https://archive.orkl.eu/0b4a1d2a389de5e1092b56ccdb37417616d1055b.jpg" } }