IBM and FireEye have spotted a campaign that relies on fake “COVID-19 Payment” emails to deliver the Zeus Sphinx banking trojan to people in the United States, Canada, and Australia. The malware is also known as SILENTNIGHT, Zloader, and Terdot, and has been dormant for nearly three years. It has been detected in the inboxes of “individuals at corporations across a broad set of industries and geographies.” The emails are customized for each of the three targeted countries, either promising a “COVID-19 payment” in local currency, or offering guidance for business grants and loans in response to the pandemic. The payload is deployed by a Word-format document containing a macro.
Cybersecurity, Privacy, & AI
Trending Now
Your AI Agent Could Become Your Biggest Insider Threat • The New Cyber Deterrent Isn’t a Weapon. It’s Cyber Recovery. • Commerce OIG Calls for Changes to NIST Vulnerability Database Management • Pentagon Looks to AI, Other Tech to Help Tackle Contested Logistics Challenges • How Defensive Cyber Responds to Hockey-Stick Growth of AI-Driven Threats
Corporate Workers Warned of “COVID-19 Payment” Emails Delivering Banking Trojan
Stay compliant and protected with daily updates on cybersecurity, data privacy, and federal oversight with our Cyber & Privacy newsletter, delivering up-to-the-minute intelligence Monday–Saturday — Subscribe here.