
Criminals Resurrect A Banking Trojan To Push COVID-19 Relief Payment Scam

Bad actors around the globe are doing everything they can to capitalize on Coronavirus fears. They’re using every tool at their disposal, including some that haven’t been seen for several years.


The Zeus Sphinx malware is making a comeback. For the past three years it’s been almost completely silent. Now it’s back and it’s masquerading as COVID-19 relief payments.

In December of last year, researchers with IBM X-Force started detecting signs of activity again. After what appears to have been a brief testing period, that activity has spiked this month.

Like so many of the COVID-19 campaigns that have sprung up in recent months, Zeus Sphinx is being distributed as so-called “malspam.” Emails claiming to offer financial relief bring with them infected documents disguised as government claim forms.

Compromised systems become host to a banking Trojan. IBM X-Force notes that, like the version of Zeus Sphinx that went dormant three years ago, the current campaign is focusing on U.S., Canadian, and Australian bank accounts.

An example phishing email shared by the researchers reveals a relatively unsophisticated attack. While there are no glaring spelling or grammar mistakes to tip off would-be victims, the attachment itself is a giant red flag.

Government agencies and banks aren’t generally in the habit of attaching documents to emails and sending them to people out of the blue. It’s far more likely that such an email — if legitimate — would direct you to visit your account login page.

Even if you were to open the attached document, there’s another red flag inside. The booby-trapped Word document asks recipients to enable macros.

Word doesn’t run macros by default, and with good reason. Asking recipients to enable them is a common ploy in phishing attacks because it allows hackers to leverage legitimate Windows components to deliver the rest of their malicious payloads.
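A mail-filter style check for the pattern described above, as an added example that is not from the article or from IBM X-Force: it flags Word and other Office attachments that can carry macros, whatever extension they are given. The function names, the sample message and its file names are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls container
MACRO_EXTS = (".docm", ".dotm", ".xlsm", ".pptm")


def attachment_flags(filename, data):
    """Return the reasons an attachment deserves quarantine or review."""
    flags = []
    if (filename or "").lower().endswith(MACRO_EXTS):
        flags.append("macro-enabled extension")
    if data.startswith(OLE_MAGIC):  # macros can't be ruled out without an OLE parser
        flags.append("legacy OLE document")
    elif zipfile.is_zipfile(io.BytesIO(data)):
        # OOXML files are ZIP archives; VBA code lives in a vbaProject.bin part.
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            if any(n.lower().endswith("vbaproject.bin") for n in z.namelist()):
                flags.append("contains VBA project")
    return flags


def scan_message(raw):
    """Map attachment filename -> flags for every flagged attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = {}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        flags = attachment_flags(part.get_filename(), data)
        if flags:
            hits[part.get_filename()] = flags
    return hits


def build_sample():
    """Constructed message: a file named .doc that is really OOXML with a VBA part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<document/>")
        z.writestr("word/vbaProject.bin", b"placeholder bytes, not real VBA")
    msg = EmailMessage()
    msg["Subject"] = "Relief payment claim form (constructed sample)"
    msg.set_content("Please complete the attached form.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="claim_form.doc")
    msg.add_attachment(b"%PDF-1.4", maintype="application", subtype="pdf", filename="notes.pdf")
    return msg.as_bytes()
```

Checking the archive contents rather than the file name is what catches a macro-bearing document that has been renamed to an innocuous extension.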

Keep your eyes on your inbox, because this is far from the only Coronavirus scam making the rounds. If you know what to look for you can stay out of harm’s way. These tips from the Department of Homeland Security can help.


This article was written by Lee Mathews from Forbes and was legally licensed through the NewsCred publisher network. Please direct all licensing questions to
