Using Jabber, stolen data is sent to these particular fraudsters as soon as it is collected from computers infected with the Zeus Trojan. The use of Jabber IM for receiving notification of newly collected compromised accounts or customers’ login attempts is not a new cybercrime technique, researchers say. The Sinowal gang, for example, was known to have employed a Jabber module as early as 2008. Some Trojans have also been configured to send stolen credentials via email, RSA says.”]
Source: https://www.darkreading.com/attacks-breaches/zeus-trojan-uses-im-speed-distribution-of-stolen-data