Operators of an off-the-shelf botnet kit have unleashed new malware that can steal large sums of money by targeting cloud-based payroll service providers, a researcher from security firm Trusteer said on Tuesday.

A configuration of the Zeus-based malware specifically targets Canadian payroll provider Ceridian, according to a blog post by Trusteer CTO Amit Klein. When someone accesses the service with an infected PC, the malware captures a screenshot that includes a graphical icon previously selected by the user from the site's image-based authentication system. Combined with the user ID, password, and company number that the bot also acquires, the screenshot gives attackers everything they need to access private accounts on the service.

Over the past decade, crimeware kits such as Zeus, SpyEye, and Eleonore have offered countless updates that expand the types of online services targeted by the malware. Botnet operators have long used their wares to infiltrate payroll departments of small- and medium-sized businesses. The Zeus malware's ability to attack Ceridian is part of the regular update cycle in the malware black market.