Jabber Zeus
Jabber Zeus was a cybercriminal syndicate and associated Trojan horse created and run by hackers and money launderers based in Russia, the United Kingdom, and Ukraine. It was the second main iteration of the Zeus malware and racketeering enterprise, succeeding Zeus and preceding Gameover Zeus.
Jabber Zeus was operational from around 2009 until 2010. The crew, consisting of nine core members, sent spam emails containing the Trojan to small businesses. The Trojan sent the victim's banking information, including one-time passwords, to the criminals in real time using the Jabber protocol. The criminals used this information to drain the victim's bank account and laundered the funds through a massive network of money mules, from which the money eventually reached the group. The malware may also have been used for espionage. In September 2010, the Trojan was updated to include several other capabilities designed to enhance its security.
Between September 30 and October 1 of 2010, several key members and money mules for the group were arrested in a joint operation between the Federal Bureau of Investigation, the Russian Federal Security Service, the Security Service of Ukraine, and police agencies in the United Kingdom and the Netherlands. Although the individuals arrested in Ukraine were quickly released due to core member Vyacheslav Penchukov's government connections and no conspirators were arrested in Russia, the group was effectively shut down by the arrests. A year later, in September 2011, the group and malware would re-emerge as Gameover Zeus.
An indictment filed in the District of Nebraska on August 22, 2012, listed nine core Jabber Zeus members:
The indictment charged the core members with bank and computer fraud, racketeering, and identity theft.
The Jabber Zeus crew operated by distributing the namesake malware, usually via spam emails, installing it on victims' computers, and then using it to gain access to their bank accounts. Money would be stolen from the accounts and transferred to a network of money mules who would launder the money before it eventually reached the criminals. The money mules were usually unaware that they were handling stolen funds. The FBI claimed in 2010 that more than 3,500 such money mules existed. The Jabber Zeus crew primarily targeted small businesses. In 2010, investigators estimated that at least $70 million had been stolen by the criminals, with the true number being much higher.
The crew's activity dates back to at least 2009. The initial version of the Jabber Zeus malware was built from the standard Zeus kit, then known as Zeus 2. The malware was mainly distinguished from other Zeus variants by a modification allowing it to send victims' banking credentials, particularly one-time passwords, to the criminals as soon as the victim logged in. The message was sent via the Jabber protocol, hence the name "Jabber Zeus". In September 2010, Bogachev provided the crew with a specialized version of the malware, known as ZeuS 2.1.0.X. This contained other unique capabilities, including a domain generation algorithm to prevent shutdown attempts, regular expression support, and the ability to infect files. The malware was additionally protected by an encryption key that required Penchukov to purchase each copy individually at a cost of $10,000 per copy.
Infected machines, as with other Zeus variants, formed a botnet that could be accessed and controlled by the group. Analysis of several Zeus variants, including Jabber Zeus, uncovered attempts by this botnet to search for secret and sensitive information in Georgia, Turkey, and Ukraine, leading to suspicion that the malware was additionally used for espionage on behalf of Russia.