Analysis of a malicious Apache module, detected by ESET as Linux/Chapro.A, found that Apache is being used to carry out these attacks, injecting malicious content into web pages served by an infected Linux server, without the knowledge of the website owner. Although the malware can serve practically any type of content, in this specific case it installs a variant of Win32/Zbot, malware designed to steal information from online banking customers. While this particular version of Win32/Zbot targets European and Russian banking institutions, Linux/Chapro.A could eventually be used to mount attacks on American banks.