HomeNewsZeus Sphinx malware resurfaces due to COVID-19 pandemic

Zeus Sphinx malware resurfaces due to COVID-19 pandemic

If you purchase via links on our reader-supported site, we may receive affiliate commissions.
cyberghost vpn ad

Zeus Sphynx malware targets banking activities, deploy malicious email attachments in an attempt to exploit the uncertainties of Coronavirus, with COVID-19 concept phishing.

The newly upgraded Zeus Sphynx malware re-appeared in December 2019 but became more visible distributing itself via spam emails by centering its malicious activity around the coronavirus pandemic between March and April 2020.

The malware has been targeting mostly banking details of individuals in the US that have been offered relief payments from their government but has also been reported to have struck banks in countries like Australia and Canada after resurfacing from the dark web according to Limor Kessem and Nir Shwarts of IBM X-Force Security.

Various spam emails have been flying around claiming to have cures for the novel coronavirus, phony phone calls, and text messages have also been reported masquerading as government agencies with numbers of victims of these scam reported to have climbed above 723, 000 since the beginning of the recent pandemic.

More About The Zeus Sphynx Malware

Sphynx malware is a password-protected malicious document named “COVID 19 Relief.doc” was created to infect Sphinx banking trojan through email phishing and then uses its macron features to strick the victim’s computer, infecting the victim’s bank’s sphinx trojan once any of its dangerous email attachment is opened (Which is mostly in the form of DOC. Or DOCX file formats).

Zeus Sphynx is a modular malware designed after the source code of the leaked popular Zeus banking trojan has upgraded its latest version with features like web injects which it uses to secretly patch legitimate browsers just to extract sensitive credentials like passwords, credit and debit cards, social security numbers and other vital details from visitors of bank websites.

This malware code can also hijack windows processes, then installs a malware downloader called “kofet.dll”, once successfully installed, Kofet.dll then fetches the final payload from the systems’ C2C server. The malware then builds its presence in a fully hijacked system by modifying the system’s window registry, thereby injecting malicious data into %APPDATA% and other relevant files.

According to IBM, it’s unlikely for Zeus Sphynx malware and its web injection to survive long having been discovered that it has a flaw of the inability to repatch any inflicted browser once the browser upgrades.


John Raymond
John Raymond
John Raymond is a cybersecurity content writer, with over 5 years of experience in the technology industry. He is passionate about staying up-to-date with the latest trends and developments in the field of cybersecurity, and is an avid researcher and writer. He has written numerous articles on topics of cybersecurity, privacy, and digital security, and is committed to providing valuable and helpful information to the public.


Delete Me
Incogni Black Friday Ad
Heimdal Security ad

Subscribe to SecureBlitz Newsletter

* indicates required


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.