Banking trojan
Zeus
aka Zbot · Zeus · Gameover ZeuS · Citadel
The archetypal banking trojan whose 2011 source-code leak spawned a vast family of descendants — Citadel, Gameover, Atmos and more.
Zeus (Zbot) is the banking trojan that defined the genre. First seen around 2007, it pioneered man-in-the-browser attacks: injecting fake fields into real banking pages (web injects) and grabbing credentials before encryption. A builder let low-skill criminals generate custom samples.
The source-code leak
In 2011 the Zeus source code leaked publicly, seeding a sprawling family tree — Citadel, Ice IX, Atmos — and influencing nearly every banking trojan since. The most notorious descendant, Gameover ZeuS, used a peer-to-peer botnet and was tied to Cryptolocker distribution before the 2014 Operation Tovar takedown.
Attribution
The FBI attributes Gameover ZeuS to Evgeniy Bogachev, still among its most wanted. Related campaigns appear on Cyber Breaches, and a web-inject teardown on the Reverse Engineering Hub.
Defense
Transaction monitoring, browser-integrity checks, and blocking known C2 and distribution infrastructure.