The panic that the COVID-19 pandemic has caused among the general public has proven to be an advantage for hackers, who see it as an opportunity to lure innocent victims in the name of COVID-19 relief funds. Cybercriminals are exploiting the COVID-19 theme by launching spam and phishing email campaigns against their targets. Joining this new stream of attacks, a malware named Zeus Sphinx has reappeared after a long absence.
About Zeus Sphinx
According to recent research conducted by a group of cybersecurity experts, the malware Zeus Sphinx, also known as Terdot or Zloader, was used by hackers to launch cyberattacks that use COVID-19 government relief funds as bait to lure victims.
- Zeus Sphinx was first discovered in August last year, and it became famous as a banking trojan for commercial use, with Zeus v2 being the basis of its core elements.
- Zeus Sphinx was infamous for attacking banks across the US, UK, Brazil, and Australia.
- Zeus Sphinx has reappeared, but this time it is using COVID-19 relief funds as a ploy while attacking the users of the corresponding banking institutions in the respective countries.
How does it work?
The malware is spreading through files that pose as COVID-19 relief fund forms. Here's how it is delivered:
- The recipients receive phishing emails asking them to donate money by filling in forms for a coronavirus or COVID-19 relief fund.
- The forms, in .DOC or .DOCX file formats, are used to gain entry.
- When downloaded, the file asks the user to enable content.
- This activates Zeus Sphinx, which hijacks the window and establishes a C2 (command-and-control) server for the malware.
Note: Zeus Sphinx has a built-in flaw: the trojan can't attack an updated version of a browser once that browser has already been attacked before the update.
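For mail triage, the delivery chain in the list above (a relief-themed email carrying a Word form that asks to enable content) can be checked for before a user opens the file. The following is an added example, not code from the research cited here: the keyword list, function names, and sample message are assumptions constructed for illustration, and the macro check is a heuristic that looks for a VBA project inside the attachment.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")    # legacy .doc (OLE2) file header
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # stream name in an OLE macro storage
LURE_TERMS = ("covid", "coronavirus", "relief")  # assumed keyword list
DOC_EXTS = (".doc", ".docx")                     # formats named in the article

def carries_macros(data: bytes) -> bool:
    """Heuristic: does this Word file contain a VBA project?"""
    if data.startswith(OLE_MAGIC):
        return VBA_STREAM in data
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        with zipfile.ZipFile(buf) as z:
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    return False

def triage(raw: bytes) -> list:
    """Return (filename, has_macros, lure_themed) for each Word attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = f"{msg['subject'] or ''} {body.get_content() if body else ''}".lower()
    lure = any(term in text for term in LURE_TERMS)
    results = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(DOC_EXTS):
            results.append((name, carries_macros(part.get_content()), lure))
    return results

def build_sample(with_macro: bool) -> bytes:
    """Constructed test message; the attachment is an inert placeholder archive."""
    doc = io.BytesIO()
    with zipfile.ZipFile(doc, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"placeholder")
    msg = EmailMessage()
    msg["Subject"] = "COVID-19 relief fund form"
    msg.set_content("Please fill in the attached form.")
    msg.add_attachment(doc.getvalue(), maintype="application",
                       subtype="octet-stream", filename="relief_form.docx")
    return msg.as_bytes()

if __name__ == "__main__":
    for flag in (True, False):
        print(triage(build_sample(flag)))
```

An attachment that is flagged for both macros and a relief-themed lure is a candidate for quarantine and analyst review; the file content is inspected rather than trusting the extension, since a macro-bearing document can be renamed.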