Banking Malware Gangs Refocus Efforts on UK

The UK’s financial services sector is under a renewed wave of attacks from banking malware, according to IBM’s X-Force research team.

The firm’s cybersecurity evangelist, Limor Kessem, explained in a blog post that her team has discovered a new Zeus variant dubbed ‘Sphinx’ in the wild.

“Sphinx is commercial malware that is sold to anyone who will pay for it, which means its targets can vary quite a bit,” she added.

“The most current identified configuration is targeting several major UK banks and one Polish bank. IBM Security X-Force’s analysis of Sphinx shows it is, for the most part, a replica of Zeus v2 variants.”

It’s selling for $500 per binary, with the malware author claiming it communicates with its C&C infrastructure via Tor, making it harder to detect.

“Zeus Sphinx is used for the theft of online banking authentication elements such as user credentials, cookies and certificates. These elements are subsequently used by fraudsters in illicit online transactions typically performed from the user’s own device,” Kessem explained.

“Connection to the endpoint is facilitated via backconnect hidden virtual network computing (VNC), which means the infected endpoint will initiate a remote-access connection to the criminal’s endpoint. This feature allows the attacker to gain user-grade access to the device even through firewall protection.”

At present, over 50% of targets are UK banks, with the US (38%) and Poland (5%) also affected.

The X-Force team also discovered a resurgence of the infamous Kronos trojan, with a new focus on UK banks.

However, there are no new technical updates to the malware, Kessem said.

The renewed focus on the UK’s financial institutions tallies with intelligence from the IBM security group this week which claimed that the Shifu banking trojan had also migrated attacks from Japan to the United Kingdom.

Discovered less than a month ago, the trojan now has 18 UK targets and is apparently infecting hundreds of endpoints each day.

The renewed attacks are perhaps not surprising given that London is the financial capital of Europe and a major hub for the global banking industry.