Zeus Sphinx malware resurrects to leverage and abuse COVID-19 fears

Written by Connor

March 30, 2020

After years of lying dormant, the Zeus Sphinx malware has been resurrected to capitalize on the coronavirus pandemic in a new wave of scams.

Spam emails claiming to hold the key to coronavirus cures, texts and phone calls from operators pretending to be banks and utilities affected by the respiratory disease, and counterfeit coronavirus-prevention goods sold through online marketplaces are all being recorded in response to the outbreak, whose case count has reached 723,000 at the time of writing.

Alongside this increased attention from fraudsters and cyberattackers, a strain of malware that has been absent for close to three years has once more begun making the rounds.

The malware emerged as a modular banking Trojan with code components based on Zeus v2. It targeted institutions across Brazil, Australia, the UK, and the US, and Zeus Sphinx has now re-emerged in a campaign focused on the same countries.

The researchers said that Zeus Sphinx has been spread through phishing campaigns carrying malicious files called "COVID 19 relief." The messages claim that a form must be filled out to obtain funds intended to tide over people who have to remain at home instead of working during the outbreak.

The form, in either .DOC or .DOCX format, uses the following technique: when downloaded and opened, the file asks the user to enable macros, which then deploys the Zeus Sphinx payload by way of hijacked Windows processes and a command-and-control (C2) server that hosts the malware.
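As an added example (not code from the article or from IBM's research), here is a defender-side triage check for the delivery vector described above: it flags .DOC/.DOCX attachments that carry a VBA macro project, using a ZIP-entry check for OOXML files and a byte-level heuristic for legacy OLE files. The filenames and sample containers are constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"          # OLE2 compound file header
# Storage/stream names that appear (UTF-16LE) when a VBA project is embedded in a .doc
OLE_VBA_MARKERS = [s.encode("utf-16-le") for s in ("_VBA_PROJECT", "Macros")]


def has_macros(data: bytes) -> bool:
    """True if the document bytes appear to carry a VBA macro project."""
    if data.startswith(b"PK\x03\x04"):                   # OOXML (.docx/.docm) zip container
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = z.namelist()
        except zipfile.BadZipFile:
            return False
        # vbaProject.bin may live under word/, xl/ or ppt/
        return any(n.lower().endswith("vbaproject.bin") for n in names)
    if data.startswith(OLE_MAGIC):                       # legacy binary .doc
        # Byte-level heuristic, not a full OLE parser: good enough for gateway triage
        return any(marker in data for marker in OLE_VBA_MARKERS)
    return False


def triage(filename: str, data: bytes) -> str:
    """Mail-gateway verdict: 'block', 'review' or 'allow'."""
    ext = filename.lower().rsplit(".", 1)[-1]
    macro = has_macros(data)
    if macro and ext in ("doc", "docx"):
        # A macro project inside a file presented as a plain "relief form"
        # is exactly the lure pattern in the article: block and alert.
        return "block"
    if macro:
        return "review"                                  # other macro-capable Office types
    return "allow"


def build_docx(with_macro: bool) -> bytes:
    """Construct a minimal OOXML container as sample input (hypothetical, not a real lure)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    for name, blob in (("COVID 19 relief.docx", build_docx(True)), ("form.docx", build_docx(False))):
        print(name, "->", triage(name, blob))
```

A real deployment would pair this with macro-stripping or sandbox detonation, since a macro's presence alone says nothing about what it does.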

Once installed on a system, Zeus Sphinx maintains persistence by writing itself to the system and creating registry keys. The malware also uses a certificate in an attempt to evade detection.

Web injects are the malware's speciality, and as before, they depend on the Zeus codebase. Zeus Sphinx patches explorer.exe and browser processes, including those used by Google Chrome and Mozilla Firefox, to fetch injections when a user visits a target page such as an online banking platform. The injected code modifies these pages to deceive victims into handing over authentication information, which is harvested and sent to the malware's C2.

Zeus Sphinx does include an inherent defect, however. If a browser forces an update, IBM says the web injection function is "unlikely to survive."

The campaign is one of many, and it is continuing.

Countless COVID-19-themed malicious domains have emerged lately, and in some cases cyberattackers are using interesting methods to dupe victims into visiting these sites.
