Threat Detection Library


Mal/Zbot indicates that Sophos has detected the Zbot malware.


Zbot is also known as Zeus. It is a widespread and old malware family that is designed primarily to steal banking data, including usernames, passwords, and the one-time access codes used in two-factor authentication.

Zbot also frequently deploys ransomware like CryptoLocker to make money for its operators.

Zbot was most prevalent in the late 2000s and early 2010s.

You can find information about Zbot attack on Sophos Naked Security here and from the Sophos X-Ops blog here.

If you believe this detection is incorrect, please report this file to Sophos Support.

Send our lab samples for analysis.

Submit a Sample