IBM and FireEye have spotted a campaign that relies on fake “COVID-19 Payment” emails to deliver the Zeus Sphinx banking trojan to people in the United States, Canada, and Australia. The malware is also known as SILENTNIGHT, Zloader, and Terdot, and has been dormant for nearly three years. It has been detected in the inboxes of “individuals at corporations across a broad set of industries and geographies.” The emails are customized for each of the three targeted countries, either promising a “COVID-19 payment” in local currency, or offering guidance for business grants and loans in response to the pandemic. The payload is deployed by a Word-format document containing a macro.
Cybersecurity, Privacy, & AI
Trending Now
GAO Evaluation of CMMC Program and Important Information for Defense Contractors • Safe AI Pathfinding Is Essential for Government Adoption, Officials Say • DoD ‘Confident’ It Can Replace Anthropic’s Claude Within Six Months, but Some Warn Transition Won’t Be Easy • CISA Asks Organizations to Strengthen Endpoint Management Systems • White House Releases Regulatory Vision for AI
Corporate Workers Warned of “COVID-19 Payment” Emails Delivering Banking Trojan
Stay compliant and protected with daily updates on cybersecurity, data privacy, and federal oversight with our Cyber & Privacy newsletter, delivering up-to-the-minute intelligence Monday–Saturday — Subscribe here.