Malware researchers at Talos group have discovered a strain of Zeus banking Trojan that abuses the legitimate website of the Ukraine-based accounting software developer Crystal Finance Millennium (CFM) The attack occurred in August 2017, during the time frame associated with the observance of the Independence Day holiday in Ukraine. Most of the infected systems were located in Ukraine, followed by the U.S. most heavily affected. The researchers discovered that one of the domains used to host the malware payload was associated with CFMs website, also to distribute PSCrypt ransomware.”]
Source: https://securityaffairs.co/wordpress/67475/malware/zeus-banking-trojan.html