Quote:The Zeus Sphinx banking trojan has seen a recent resurgence in the United States, sporting some modifications and using COVID-19 spam as a lure.
Sphinx re-emerged in December but saw a big spike in March via the use of coronavirus themes. Since April, it has been seen attacking U.S. targets with a few changed processes. The main upgrades in the latest version, which harvests user credentials and other personal information from online banking sessions, can be found in the process-injection and bot-configuration aspects if the malware’s operations, according to researchers.
“While Sphinx has been an on-and-off type of operation over the years, it appears it is now on-again, with version updates and new infection campaigns that are back to targeting North American banks,” Nir Shwarts and Limor Kessem at IBM X-Force Security wrote in a Monday posting.
In order to survive system reboots, Sphinx establishes persistence by adding a Run key to the Windows Registry. In its latest iteration, Sphinx establishes the Run key depending on its payload format, which can come in either executable or dynamic link library (DLL) versions.
Read more: https://threatpost.com/sphinx-riddle-us-...ns/155621/
![[-]](https://www.geeks.fyi/images/collapse.png)
