UK Banks Hit With New Zeus Sphinx Variant and Renewed Kronos Banking Trojan Attacks
Two
recent discoveries by IBM Security X-Force researchers indicate that the U.K.
is seeing an increased wave of banking Trojan attacks from two families linked
with the Zeus Trojan: Sphinx and Kronos.
In the
first case, X-Force researchers are the first to confirm that beyond seeing underground
posts of cybercriminals selling a new Zeus variant dubbed Sphinx, this malware
actually exists and is actively attacking banks in the wild.
Sphinx
is commercial malware that is sold to anyone who will pay for it, which means
its targets can vary quite a bit. The most current identified configuration is
targeting several major U.K. banks and one Polish bank. IBM Security X-Force’s
analysis of Sphinx shows it is, for the most part, a replica of Zeus v2
variants.
The
second case has to do with the Kronos Trojan. Kronos is a known banking malware
threat that emerged in mid-2014. Surprisingly, this malware has gone silent for
the past few months and has just reemerged, showing no technical advancements
but a change in turf that focuses on U.K. banks and one bank in India.
The U.K.
is, and has been for many years, a preferred target for cybercrime because of
its prosperous economy and strong adoption of Internet-based services for
banking and payments. While the U.K. is already the most targeted area for
banking Trojan malware configurations (per IBM Trusteer data), the past few
months have shown more activity than usual. Banking Trojans such as Shifu, Zeus
Sphinx and Kronos are configured to launch into action upon access to consumer,
corporate and even wealth management accounts.
This
post brings more information about Zeus Sphinx and Kronos, both of which are
current threats that are trending in the global cybercrime arena.
Read the
rest of this post here
Comments
Post a Comment