Home Coronavirus Criminals Resurrect A Banking Trojan To Push COVID-19 Relief Payment Scam
Criminals Resurrect A Banking Trojan To Push COVID-19 Relief Payment Scam

Criminals Resurrect A Banking Trojan To Push COVID-19 Relief Payment Scam

0

Bad actors around the globe are doing everything they can to capitalize on Coronavirus fears. They’re using every tool at their disposal including some that haven’t been seen for several years.

Start a Homeland Security degree at American Military University.

The Zeus Sphinx malware is making a comeback. For the past three years it’s been almost completely silent. Now it’s back and it’s masquerading as COVID-19 relief payments.

In December of last year, researchers with IBM X-Force started detecting signs of activity again. After what appears to have been a brief testing period, that activity has spiked this month.

Like so many of the COVID-19 campaigns that have sprung up in recent months, Zeus Sphinx is being distributed as so-called “malspam.” Emails claiming to offer financial relief bring with them infected documents disguised as government claim forms.

Compromised systems become host to a banking Trojan. IBM X-Force notes that, like the version of Zeus Sphinx that went dormant three years ago, the current campaign is focusing on U.S., Canadian, and Australian bank accounts.

An example phishing email shared by the researchers reveals a relatively unsophisticated attack. While there are no glaring spelling or grammar mistakes to tip off would-be victims, the attachment itself is a giant red flag.

Government agencies and banks aren’t generally in the habit of attaching documents to emails and sending them to people out of the blue. It’s far more likely that such an email — if legitimate — would direct you to visit your account login page.

Even if you were to open the attached document, there’s another red flag inside. The booby-trapped Word document asks recipients to enable macros.

Word doesn’t let you do that by default, and with good reason. It’s a common ploy used in phishing attacks because it allows hackers to leverage legitimate Windows components to deliver the rest of their malicious payloads.

Keep your eyes on your inbox, because this is far from the only Coronavirus scam making the rounds. If you know what to look for you can stay out of harm’s way. These tips from the Department of Homeland Security can help.

 

This article was written by Lee Mathews from Forbes and was legally licensed through the NewsCred publisher network. Please direct all licensing questions to legal@newscred.com.

Comments

comments

Online Degrees & Certificates In Cybersecurity

American Military University's online cybersecurity programs integrate multiple disciplines to ensure you gain the critical skills and management practices needed to effectively lead cybersecurity missions – from government or private industry. Learn from the leader. American Military University is part of American Public University System, which has been designated by the National Security Agency and the Department of Homeland Security as a National Center of Academic Excellence in Cyber Defense Education.

Request Information

Please complete this form and we’ll contact you with more information about AMU. All fields except phone are required.

Validation message here
Validation message here
Validation message here
Validation message here
Validation message here
Validation message here
Validation message here
Validation message here
Validation message here
Ready to apply? Start your application today.

We value your privacy.

By submitting this form, you agree to receive emails, texts, and phone calls and messages from American Public University System, Inc. which includes American Military University (AMU) and American Public University (APU), its affiliates, and representatives. I understand that this consent is not a condition of enrollment or purchase.

You may withdraw your consent at any time. Please refer to our privacy policy, terms, or contact us for more details.