Zeus Sphinx Banking Trojan and Other COVID-19 Financial Relief Phishing Campaigns
NJCCIC Alert
Original Release Date: 2020-04-03
Summary
After three years, the Zeus Sphinx banking trojan has resurfaced in coronavirus-themed phishing campaigns containing information on government relief payments. If the Microsoft Word password-protected attachment is opened and macros is enabled, the payload will be installed and used to harvest user credentials, authentication codes, and financial data via web injections. The threat actors are targeting major banks in the US, Canada, and Australia. Other social engineering lures around the COVID-19 financial relief have also been observed.
Recommendations
The NJCCIC recommends users avoid clicking on links, opening attachments, or enabling macros delivered with unexpected or unsolicited emails, and exercise caution with emails from known contacts. Technical details can be found in the Bleeping Computer post and the Proofpoint post.
Featured Content
- Widespread Exploitation of Microsoft Exchange Vulnerabilities>
- Protecting Against Tech Support Scams>
- PATCH NOW: Critical Vulnerabilities in F5 Software>
- Is Seeing Believing? A Look into Deepfakes>
- Threat Highlight: Impersonation Scams>
- Gootloader Malware Platform Uses Sophisticated Techniques to Deliver Malware>
- Patch Now: Severe Vulnerabilities in Microsoft Exchange Server>
- Event: JerseyCTF, April 10th & 11th, 2021>
- Beware of Tax Scams>
The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
View our Privacy Policy here.
View our Site Index here.