After three years, the Zeus Sphinx banking trojan has returned to the cybersecurity scene amid the global pandemic, aiming to capitalize on government relief efforts. According to two researchers at IBM X-Force, Amir Gandler and Limor Kessem, the trojan began resurfacing in December; however, its activity has increased significantly this past month as the banking trojan’s operators began to take interest in government relief payments.
The Sphinx banking trojan first emerged in August of 2015. It is modular malware based on the leaked source code of the famous banking trojan Zeus. Sphinx can harvest account credentials for online banking sites and other services, and it dynamically fetches web injections from its command and control server. Sphinx's operators have been joining other malware operators in capitalizing on COVID-19 with themed phishing and malspam campaigns.