Sphinx
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 90 % (High) |
| Infected Computers: | 102 |
| First Seen: | August 17, 2016 |
| Last Seen: | October 6, 2021 |
| OS(es) Affected: | Windows |
Sphinx is a notorious banking Trojan that is based on the infamous Zeus banking Trojan. The people responsible for Sphinx have increased their operations, creating updates that try to take advantage of the Rio 2016 Olympics to carry out their attacks. This banking Trojan received an update that allows Sphinx to target banks in Brazil, as well as payments using Boleto, undoubtedly a strategy designed to capitalize on the current Olympic Games in Brazil. Sphinx is one of the lesser known Zeus variants that first appeared in 2011. Although the Zeus banking Trojan and its clones are well-known and can be intercepted through conventional PC security measures, Sphinx and other variants of Zeus are still active and responsible for numerous attacks around the world.
Table of Contents
Sphinx is a Variant of the Infamous Zeus Trojan
The first variants of Sphinx were used to target banks in the United Kingdom. Russian threat developers who sold Sphinx on the Dark Web for $500 USD in BitCoins created sphinx. Sphinx is one of the countless variants of Zeus that appeared in 2011 when the code for this infamous banking Trojan was made public. Like other Zeus variants, Sphinx creates fake banking Web pages inside victims' web browser to collect the victim's login and credit card information. Sphinx is making news again due to its adaptation to the Brazil Olympics.
Sphinx’s 2016 Olympics Edition
Although the original version of Sphinx was targeted on European banks mainly, the newly release update to Sphinx includes configurations that allow it to target the websites of the three most popular Banks in Brazil. Sphinx's newest version also is designed to target a popular money ordering service in Brazil called Boleto. This is undoubtedly a move designed to capitalize on the increased traffic centered around the Rio Olympics. Every time the Olympics roll around (or other important sports events such as the FIFA World Cup), threat developers create variants designed to take advantage of the increased attention these events garner.
Some Details About the Sphinx Attack
Sphinx combines social engineering in its attack. Using several steps in its injection attack, Sphinx can manipulate computer users and even collect authentication codes from compromised card readers. Sphinx can trick computer users into downloading fake mobile apps onto their phones, which will collect transaction codes sent to the bank via SMS. There are several ways in which the Sphinx attack is capitalizing on the attention to Brazil. Sphinx is not the only threat that is modifying its attack. For example, the Panda Banker, a different clone of the Zeus banking Trojan, has also been modified so as to target banks in Brazil.
Currently, about 15 percent of global banking Trojan attacks are caused by Zeus Trojan clones and variants, which at one point was the single most popular banking Trojan in history. One of the features that makes Sphinx unique is that it is immune to several measures used by PC security analysts, including blacklisting and tracking by using some specific tools. Sphinx also may carry out attacks even on accounts that have low privileges on the affected computer and even on computers with a slow Internet connection. One of the most devastating aspects of Sphinx, however, is its BackconnectVNC feature. Using this feature, Sphinx lets fraudsters carry out money transfers directly from the victim's computer. This means that a con artist is not limited to simply collecting a victim's online banking data, but can wipe the victim's accounts and credit immediately.
How to Protect Yourself from Sphinx
Ensure that your computer is protected from Sphinx properly with the help of an anti-malware program that is fully up-to-date. Fortunately, Zeus variants are well known and can be intercepted with reliable security software. It is also important to enable security measures such as a two-step authentication on your online banking account.
