IBM X-Force Research has seen the Zeus Sphinx Trojan go through a targetless phase, an exceedingly rare occurrence in the cybercrime arena. The only instruction that repeats in all Sphinx configuration is to inject a victims bot ID into every page he or she visits. This suggests that Sphinx is presently operated by one group, not multiple actors, despite the fact that it was commercially sold in the underground when it was launched in 2015. In 2017, the malware was targeting banks in a number of countries, mostly focusing on Australia, the U.S. and Canada.”]

