IBM and FireEye have spotted a campaign that relies on fake “COVID-19 Payment” emails to deliver the Zeus Sphinx banking trojan to people in the United States, Canada, and Australia. The malware is also known as SILENTNIGHT, Zloader, and Terdot, and has been dormant for nearly three years. It has been detected in the inboxes of “individuals at corporations across a broad set of industries and geographies.” The emails are customized for each of the three targeted countries, either promising a “COVID-19 payment” in local currency, or offering guidance for business grants and loans in response to the pandemic. The payload is deployed by a Word-format document containing a macro.
Cybersecurity, Privacy, & AI
Trending Now
Plankey Withdraws Nomination to Lead CISA • What Federal Leaders Need to Know About Iran’s Cyber Campaign • Navy Deploys SABER Cybersecurity System Fleetwide • The Supreme Court Is About to Decide How Far Geofence Warrants Can Go • FedRAMP Solicits Public Comment on Overhaul to Incident Communications Procedures
Corporate Workers Warned of “COVID-19 Payment” Emails Delivering Banking Trojan
Stay compliant and protected with daily updates on cybersecurity, data privacy, and federal oversight with our Cyber & Privacy newsletter, delivering up-to-the-minute intelligence Monday–Saturday — Subscribe here.