The Zeus banking malware uses webinjects, form grabbing, keylogging, and other functionality to steal credentials, personally identifiable information (PII), and ultimately money from its victims. It has been a fixture within the cybercrime landscape since 2006. With the release of its source code in 2011, Zeus has splintered into many different malware families.

The goal of the zeusmuseum. is to find, categorize, and lightly document every version of these Zeus-derived families. There are currently 36 families (1 active), 580 versions, 8 deep dives, 468 curated references, 13 FOIAs, 97019 samples, and 2 notable actors in the museum.


curator@zeusmuseum.com / @tildedennis