Zeus, a Banking Trojan, Is Back and Available on the Dark Web for Sale

A new variant of the Zeus banking trojan, named Sphinx, is available on the dark web. Sphinx is written in C++. It can only be accessed through the Tor network. As the latest variant of the Zeus malware, Sphinx comes with the following features:

Features Of Sphinx

  • Certificate Grabber
  • Backconnect Socks and VNC
  • Webinjects and Webfakes
  • XMPP Notification
  • Scripts and Botlists
  • Statistics

Certificate grabber

Sphinx is able to intercept certificates while a secure connection is being established or a file is being signed. Sphinx uses a digital certificate to sign the malware in order to bypass antivirus.

Backconnect Socks and VNC

BackConnect VNC allows the attacker to transfer money from the victim's bank account. It also allows the attacker to disable the firewall and antivirus solution. The attacker does not need to set up port forwarding because a reverse connection is used. It also protects the attacker's identity by running VNC on a different desktop than the victim's desktop.

Webinjects and Webfakes

A webinject is used to change the content of a website. The attacker uses webinjects to obtain the victim's credit card data. Webfakes inject complete fake pages, which are replicas of a target entity's webpage, without changing the URL.
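One way a site operator can spot the tampering described above is to compare the form fields and script sources the browser actually rendered against the set the site itself serves. This is an added example, not code from the original post; the baseline, host names and sample pages are constructed for illustration.

```javascript
// Constructed baseline for a hypothetical login page on bank.example.
const BASELINE = {
  fields: new Set(["username", "password", "csrf_token"]),
  scriptHosts: new Set(["bank.example"]),
};

// Read one attribute value (double-quoted, single-quoted or bare) from a tag's attribute text.
function getAttr(attrs, key) {
  const re = new RegExp(`(?:^|\\s)${key}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, "i");
  const m = re.exec(attrs);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

// Return a list of findings: form fields and external script hosts not in the baseline.
function findInjectedContent(html, baseline, pageHost) {
  const findings = [];
  for (const m of html.matchAll(/<(input|select|textarea)\b([^>]*)>/gi)) {
    const name = (getAttr(m[2], "name") ?? getAttr(m[2], "id") ?? "(unnamed)").toLowerCase();
    if (!baseline.fields.has(name)) findings.push(`unexpected field: ${name}`);
  }
  for (const m of html.matchAll(/<script\b([^>]*)>/gi)) {
    const src = getAttr(m[1], "src");
    if (src === null) continue; // inline scripts need a separate hash-based check
    const host = new URL(src, `https://${pageHost}/`).hostname;
    if (!baseline.scriptHosts.has(host)) findings.push(`unexpected script host: ${host}`);
  }
  return findings;
}

// Constructed sample: the page as the site serves it.
const CLEAN_PAGE = `
<form action="/login" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="hidden" name="csrf_token" value="abc">
</form>
<script src="/static/app.js"></script>`;

// Constructed sample: the same page with extra card fields and a foreign script added.
const TAMPERED_PAGE = CLEAN_PAGE.replace("</form>",
  `<input type="text" name="card_number"><input type="text" name="cvv"></form>`) +
  `<script src="https://cdn.invalid/x.js"></script>`;

console.log(findInjectedContent(CLEAN_PAGE, BASELINE, "bank.example"));
console.log(findInjectedContent(TAMPERED_PAGE, BASELINE, "bank.example"));
```

In a browser the same function would be run over `document.documentElement.outerHTML` and the findings reported to the server, since the modification happens on the client and the server-side HTML is unchanged.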

XMPP Notification

XMPP notifications are used to alert the attacker when a user enters a defined resource. The notifications are received in a Jabber account.

Scripts and Botlists

The attacker creates scripts to control the activity of the bots, and botlists are used to filter the bots by country, IP address and so on. The botlist displays the complete details of each bot, such as its country, IP address, operating system, operating system version and location, and even the victim's display in real time.

Statistics

  • Number of infected computers.
  • Current number of bots online.
  • The number of new bots.
  • Daily activity of bots.
  • Country statistics.
  • Statistics by OS

How does Sphinx get into a PC?

Many PC users have no idea how Sphinx gets into their computer, because they use their PC as usual. In most cases, Sphinx is distributed as an attachment sent to many email addresses; once a user opens the attachment, Sphinx gets onto the victim's PC instantly. Additionally, Sphinx can automatically find vulnerabilities in the machine and gain access via exploit kits. Apart from this, visiting harmful websites such as porn sites and downloading software from unreliable internet sources can bring Sphinx onto the machine.

How to Buy Banking Trojan Sphinx?

  1. Download and install Tor Browser
  2. Go to the website https://crimenetwork.biz/index.php?/topic/159726-sphinx-banking-trojan/
  3. Sign up and log in to the account
  4. Make a payment of $500 USD via Bitcoin and Dash
  5. After the seller verifies the payment, the buyer's account is enabled to edit the config and request a build.

How to Protect a System from Sphinx?

Configure the network firewall appropriately. Always use updated and genuine antivirus software. Use an encrypted connection while surfing online. Scan programs or data online using VirusTotal before downloading and installing.
