Sphinx
Posted: August 17, 2016
Threat Metric
The fields listed on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change in a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 9/10 |
|---|---|
| Infected PCs: | 239 |
| First Seen: | August 17, 2016 |
| Last Seen: | October 6, 2021 |
| OS(es) Affected: | Windows |
Sphinx is a banking Trojan based on the same code as the Keylogger Zeus. Sphinx uses browser-injecting techniques to modify the contents of your Web browser's pages, monitor your Web-surfing history, make new requests and collect information. Due to the degree of camouflage included in this threat's activities, malware experts only recommend removing Sphinx through your dedicated anti-malware application.
A New Cyber-Hurdle for the Olympic Games to Jump
Large sporting events are times of great economic opportunity for many businesses, but those industries also include illicit ones, such as threatening software development. Sphinx is a pre-existing Trojan derived from the highly-circulated code of the Keylogger Zeus, but has seen updates giving it new functionality recently. Malware experts saw this Trojan's attacks reconfiguring themselves explicitly for targeting systems and transaction methods based in Brazil.
Although it has shifted its preferred targets, Sphinx does continue using the same attack philosophy as seen in old versions of the Keylogger Zeus and its almost innumerable variants. Sphinx tracks the PC owner's Web-surfing activity and notes attempts to access popular banking portals, particularly for major Brazilian banks. Sphinx then may redirect the victim to a copycat phishing site, designed to look nearly identical to the real thing, or modify the displayed page with new, injected content. In either case, Sphinx transfers any information, such as your account password, to a server controlled by con artists.
Like a handful of other Trojans, such as Eupudus, Sphinx also attempts to sabotage Boleto, a Brazilian money-ordering service. Malware experts also saw other, niche features focusing on misappropriating authentication codes from card readers, promoting download links for threatening phone apps, or using multiple-stage injection tactics that persuade victims to give more information than usual.
Solving the Riddle of the Robbing Sphinx
Even while other threat authors attempt to supplant the Keylogger Zeus's progeny by making all-new Trojans, its code remains a fertile ground for the fast production of new spyware with advanced information-collecting features. Malware experts found the most visible of Sphinx's symptoms acting as deliberate parts of its payload, such as the changes in Web page behavior meant for soliciting extra account data. Staying knowledgeable about your banking site's normal operations and security standards, and monitoring the presence of unofficial URLs or prompts, could keep you from overlooking a Sphinx attack.
Banking Trojans rarely display any visible files, folders, or other components common to normally-installed software. Sphinx doesn't diverge from this truism. Other than the unusual browser behavior noted previously, the Sphinx installations should be expected to exhibit minimal symptoms. While malware experts do recommend using specialized anti-malware products for removing Sphinx, the recent updates to this threat may require corresponding updates in the databases of your security software.
With millions of eyes busily watching Rio's Olympics instead of minding their finances, it can be easy to forget that cyber-security is an issue that, much like Trojan programmers, rarely takes a day off from the job.