Banking Malware Spreading via COVID-19 Relief Payment Phishing [bleepingcomputer]
by CIRT Team
The Zeus Sphinx banking Trojan has recently resurfaced after a three-year hiatus as part of a coronavirus-themed phishing campaign, by far the most common theme behind attacks during the current pandemic.
Zeus Sphinx (also known as Zloader and Terdot) is a malware strain that was initially spotted back in August 2015, when its operators used it to attack several British financial targets. It is almost entirely based on the Zeus v2 Trojan’s leaked source code (as are Zeus Panda and Floki Bot).
This malware was later used in attacks targeting banks from all over the globe, from Australia and Brazil to North America, attempting to harvest financial data via web injections that make use of social engineering to convince infected users to hand out auth codes and credentials.
Back after a three-year break
The ongoing Zeus Sphinx campaign uses phishing emails that come with malicious documents designed to look like they contain information on government relief payments.
“While some Sphinx activity we detected trickled in starting December 2019, campaigns have only increased in volume in March 2020, possibly due to a testing period by Sphinx’s operators,” IBM X-Force researchers Amir Gandler and Limor Kessem found.
“It appears that, taking advantage of the current climate, Sphinx’s operators are setting their sights on those waiting for government relief payments.”