Brazil Can’t Catch a Break: After Panda Comes the Sphinx
Within two weeks of the discovery of Zeus Panda
(Panda Banker) activity, IBM X-Force researchers have uncovered the first signs
of Zeus Sphinx attacks in Brazil. A new version of Zeus Sphinx, which, like
Panda, is a commercially available Zeus v2 variation, now targets the online
banking and Boleto payment services of three of the top Brazilian banks and one
bank in Colombia, according to its configuration file.
Sphinx is a modular banking Trojan and is considered
to be as sophisticated as Panda and Zeus Citadel. The timing of Sphinx’s
migration to Brazil — while the country is hosting a global sporting event —
hardly appears to be a coincidence. Cybercriminals are known to increase their
efforts during sporting events, taking advantage of the rise in online activity
and interest around the competition to lure users into opening malware spam and
phishing pages.
Sphinx: Mythically Treacherous and Double-Edged
Zeus Sphinx is a banking Trojan sold as a
commercial offering to cybercriminals via underground fraudster boards.
The malware emerged in August 2015, at which point it started targeting major
banks in the U.K. This malware was known to primarily target European entities
until recently.
So, another day, another Zeus? Not quite. Sphinx
has been around for about a year now, launched initially in attacks targeting
U.K. and Australian banks. X-Force Research analyzed Sphinx’s modus operandi at
the time and found that the malware combined elaborate fraud tactics to steal
credentials and one-time passwords.
Sphinx’s configuration fetched webinjections in
real time from its command-and-control (C&C) server, manipulated users into
generating authentication codes with their card readers and even tricked victims
into downloading a malware app to their mobile device to steal transaction
authentication codes sent from the bank via SMS.
This post was part of my work with IBM X-Force. Read the complete blog here.