Banking Malware Spreading via COVID-19 Relief Payment Phishing
The Zeus Sphinx banking Trojan has recently resurfaced after a three years hiatus as part of a coronavirus-themed phishing campaign, the most common theme behind most attacks by far during the current pandemic.
Zeus Sphinx (also known as Zloader and Terdot) is a malware strain that was initially spotted back in August 2015 when its operators used it to attack several British financial targets and it is almost entirely based on the Zeus v2 Trojan's leaked source code (just as Zeus Panda and Floki Bot).
This malware was later used in attacks targeting banks from all over the globe, from Australia and Brazil to North America, attempting to harvest financial data via web injections that make use of social engineering to convince infected users to hand out auth codes and credentials.
Posted on April 2, 2020