The Zeus Sphinx banking Trojan has recently resurfaced after a three years hiatus as part of a coronavirus-themed phishing campaign. The ongoing campaign uses phishing emails that come with malicious documents with information on government relief payments. The attackers ask the potential victims to fill out a password-protected request form delivered in the form of a password protected request form. After submission, this should allow them to receive relief payments designed to help them out while staying at home. The malware uses the web injects to trick the victims into entering their banks’ websites to alter the victims’ websites and exfiltrate the information to attacker-controlled servers.
Source: https://www.bleepingcomputer.com/news/security/banking-malware-spreading-via-covid-19-relief-payment-phishing/