The Sphinx Banking Trojan Gets ‘Olympics’ Update

The Rio 2016 Olympics Games are continuing to attract more and more cybercriminals` attention.

The Sphinx Banking Trojan, also going by the name Zeus Sphinx, has been recently updated and it is now able to target Brazilian-based banking institutions and Boleto payments.

Sphinx is a member of the Zeus Banking Trojan family. Zeus first came on the cybercriminal stage in 2011 when its source code was released online by an unsatisfied customer.

According to IBM X-Force` October report, Sphinx was first detected one year ago, mostly hitting banks in the UK. The developers of the Trojan are Russian and, at the beginning, they were selling their product for $500 per binary.

Since Sphinx is one of the Zeus variants, just like them, it operates by injecting phony webpages inside browsers and uses them to extrude all the data it has gathered via a hidden virtual network computing (VNC) connection.

Now, Sphinx`s authors have made a move clearly driven the Olympics. The Trojan has received an update and, currently, it includes web inject configurations which allow it to target not only three Brazilian top banks but Boleto payments as well. Sphinx is also able to use a multi-step injection that combines social engineering, making it possible for hackers to take advantage of users and steal authentication codes from card readers.

According to IBM, crooks can also target smart mobile devices using web injects. Users are being tricked into downloading applications that will mooch users` authentication codes which the bank has send via SMS.

However, the Sphinx isn’t the only malware with a new Brazilian edition. The timing of this updates can`t go unnoticed. The Rio Olympics have, without a doubt, brought the cyber underworld’s attention to Brazil. One more Zeus variant, Panda banker has also been improved to target Brazilian banking institutions.

Cybercriminals are known to increase their efforts during sporting events, taking advantage of the rise in online activity and interest around the competition to lure users into opening malware spam and phishing pages.” – IBM’s researcher, Limor Kessem, explains.

Statistics show that all Zeus versions, put together, are responsible for 15% of all worldwide attacks in banking Trojans were involved. They are taking the third place after Neverquest (23%) and Dridex (17%).

Leave a Comment

Your email address will not be published.

Time limit is exhausted. Please reload CAPTCHA.