Around the World With Zeus Sphinx: From Canada to Australia and Back
IBM X-Force researchers recently identified new infection campaigns delivering distinct Zeus Sphinx Trojan variants to online banking users in Canada and Australia. This is the first time our researchers have observed Sphinx campaigns with dedicated configurations targeting financial institutions in either of the two countries. We believe they are part of ongoing testing by Sphinx operators.
Sphinx has maintained low levels of activity since August 2016, when it was detected in attacks on Brazilian banks. The malware authors have been making small, incremental upgrades to the code.
The recent configurations targeting online banking consumers in Canada and Australia are used sparingly in what looks like low-volume testing, not full-blown infection campaigns. The malware’s operators appear to be looking very carefully to determine which geographies offer the paths of least resistance.
Zeus Sphinx Targets Banks in Canada and Australia
In Canada, Sphinx’s operators included URLs for over 33 financial institutions. They focused their target list on credit unions, likely seeing them as the lower-hanging fruit in the Canadian financial sector. The malware’s targets are consumer accounts.
Dear reader: this post is part of my research work at IBM X-Force. You can read the complete post here.