
Sphinx

Posted: August 17, 2016

Threat Metric

Threat Level: 9/10
Infected PCs: 239
First Seen: August 17, 2016
Last Seen: October 6, 2021
OS(es) Affected: Windows

Sphinx is a banking Trojan based on the same code as the Keylogger Zeus. Sphinx uses browser-injecting techniques to modify the contents of the pages your Web browser displays, monitor your Web-surfing history, make new requests and collect information. Due to the degree of camouflage included in this threat's activities, malware experts recommend removing Sphinx only through your dedicated anti-malware application.

A New Cyber-Hurdle for the Olympic Games to Jump

Large sporting events are times of great economic opportunity for many businesses, but that includes illicit industries, such as the development of threatening software. Sphinx is a pre-existing Trojan derived from the highly-circulated code of the Keylogger Zeus, but it has recently received updates giving it new functionality. Malware experts saw this Trojan's attacks reconfigured explicitly to target systems and transaction methods based in Brazil.

Although it has shifted its preferred targets, Sphinx continues to use the same attack philosophy as seen in old versions of the Keylogger Zeus and its almost innumerable variants. Sphinx tracks the PC owner's Web-surfing activity and notes attempts to access popular banking portals, particularly those of major Brazilian banks. Sphinx then may redirect the victim to a copycat phishing site, designed to look nearly identical to the real thing, or modify the displayed page with new, injected content. In either case, Sphinx transfers any information, such as your account password, to a server controlled by con artists.

Like a handful of other Trojans, such as Eupudus, Sphinx also attempts to sabotage Boleto, a Brazilian money-ordering service. Malware experts also saw other, niche features that focus on misappropriating authentication codes from card readers, promoting download links for threatening phone apps, or using multiple-stage injection tactics that persuade victims to give more information than usual.

Solving the Riddle of the Robbing Sphinx

Even while other threat authors attempt to supplant the Keylogger Zeus's progeny by making all-new Trojans, its code remains a fertile ground for the fast production of new spyware with advanced information-collecting features. Malware experts found that the most visible of Sphinx's symptoms are deliberate parts of its payload, such as the changes in Web page behavior meant for soliciting extra account data. Staying knowledgeable about your banking site's normal operations and security standards, and watching for unofficial URLs or prompts, could keep you from overlooking a Sphinx attack.
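The check described above, comparing a banking page against what the genuine site normally serves, can be automated. The following is an added example, not code from the original article or from any bank: the baseline, URLs, field names and HTML are constructed for illustration, and the script flags prompts the real page never asks for and forms that submit to a different origin.

```javascript
// Added example; the baseline, URLs and HTML below are constructed sample data.
const PAGE_URL = "https://bank.example/login";
const BASELINE = { origin: "https://bank.example",
                   fields: ["username", "password", "csrf_token"] };

// Read one attribute value out of a tag's text.
function attr(tag, name) {
  const m = new RegExp("(?:^|\\s)" + name + "\\s*=\\s*[\"']([^\"']*)[\"']", "i").exec(tag);
  return m ? m[1] : null;
}

// Return each <form> as { action, fields: [input names] }.
function extractForms(html) {
  const forms = [];
  for (const [, formAttrs, body] of html.matchAll(/<form\b([^>]*)>([\s\S]*?)<\/form>/gi)) {
    const fields = [];
    for (const [tag] of body.matchAll(/<(?:input|select|textarea)\b[^>]*>/gi)) {
      const name = attr(tag, "name");
      if (name) fields.push(name);
    }
    forms.push({ action: attr(formAttrs, "action") || "", fields });
  }
  return forms;
}

// Flag fields missing from the baseline and forms that post to another origin.
function auditPage(html, pageUrl, baseline) {
  const findings = [];
  for (const form of extractForms(html)) {
    const target = new URL(form.action || pageUrl, pageUrl);
    if (target.origin !== baseline.origin)
      findings.push("off-origin-action:" + target.origin);
    for (const f of form.fields)
      if (!baseline.fields.includes(f)) findings.push("unexpected-field:" + f);
  }
  return findings;
}

const CLEAN = '<form action="/login" method="post">' +
  '<input type="text" name="username"><input type="password" name="password">' +
  '<input type="hidden" name="csrf_token" value="x"></form>';
// Same page with extra prompts added, as an injected form would show.
const EXTRA_PROMPTS = CLEAN.replace("</form>",
  '<input type="text" name="card_pin"><input type="text" name="token_code"></form>');
// Same page with the form pointed at a look-alike host (reserved .invalid TLD).
const REDIRECTED = CLEAN.replace('action="/login"',
  'action="https://bank-example.invalid/collect"');

for (const [label, html] of [["clean", CLEAN], ["extra", EXTRA_PROMPTS], ["redirected", REDIRECTED]])
  console.log(label, auditPage(html, PAGE_URL, BASELINE));
```

The regular expressions suit HTML snapshots captured for review; inside a live browser the same comparison is better done on the DOM.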

Banking Trojans rarely display any visible files, folders, or other components common to normally-installed software. Sphinx doesn't diverge from this truism. Other than the unusual browser behavior noted previously, Sphinx installations should be expected to exhibit minimal symptoms. While malware experts do recommend using specialized anti-malware products for removing Sphinx, the recent updates to this threat may require corresponding updates in the databases of your security software.

With millions of eyes busily watching Rio's Olympics instead of minding their finances, it can be easy to forget that cyber-security is an issue that, much like Trojan programmers, rarely takes a day off from the job.
