WatchPoint Security Blog

Jesse James would love Sphinx, Brolux & Dridex

Written by Greg Edwards | October 15, 2015

Today's bank robbers don't have to worry about getting shot at, where to meet up to split the loot, or a sheriff's posse being hot on their trail.  Today's bank robbers really don't have to worry about the law at all.

Sphinx, Brolux and Dridex are very sophisticated bank heist software platforms that allow these modern-day bank robbers to manage the process of stealing money from anywhere in the world.  The attacks that these crimeware applications are able to carry out are impressive.  They use webfake redirects or form injection to trick users into submitting credential information so it can then be reused to take control of the users' online banking accounts.

Here is how the scenario goes down.  You log in to your online banking system and it asks to verify your information - prove you are who you say you are.  Ok, you think, that makes sense, and you proceed to put in your SSN and other private information.  What you don't realize is that the blanks you are filling in are not going to your bank, but actually filling in database information on a Sphinx command and control system.  Once you have given all the pertinent information, you finish the session and assume your bank is just being thorough - great.  The next thing you see is that $3,000 has been mysteriously transferred out of your account to an Eastern Chinese importing company using all the correct credentials.

This scenario is playing out every day all over the world.  These cyber bank robbers are raking in more cash than Bonnie and Clyde would ever have conceived of.  The explanations above are oversimplified, but illustrate how easy it is for crafty cybercriminals to make loads of money.  For a more technical explanation of Sphinx, Dridex and Brolux, check out these sites:

Sphinx:  https://securityintelligence.com/uk-banks-hit-with-new-zeus-sphinx-variant-and-renewed-kronos-banking-trojan-attacks/

Dridex:  http://www.theregister.co.uk/2015/10/14/dridex_botnet_takedown/?mt=1444927903077

Brolux:  http://www.welivesecurity.com/2015/10/15/brolux-trojan-targeting-japanese-banks/

Protection is simple

Sphinx, Dridex and Brolux all use software vulnerabilities to install themselves.  Installing the latest patches for Java, Adobe and Microsoft will provide the broadest protection.  You should make sure every application installed is up to date, but those three are the most commonly exploited.
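To turn that advice into something you can check on a Windows workstation, here is an added example (not from this post or from any of the vendors named) that inventories the installed Java, Adobe and Microsoft Office versions from the standard registry Uninstall keys, lists Windows updates installed in the last 30 days, and asks the Windows Update COM API how many updates are still pending.  The watch-list patterns and the 30-day window are assumptions chosen for illustration; adjust them to your environment.

```powershell
# Added example, not part of the original post: patch-state inventory for the
# product families the post names (Java, Adobe, Microsoft).  Run from an
# elevated PowerShell prompt on the workstation you want to check.

# Standard registry locations for installed software (64-bit and 32-bit).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumed watch list: matched against DisplayName and Publisher.
$watchRegex = 'Java|Adobe|Flash|Microsoft Office'

$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate

Write-Host "=== Installed software on the watch list ==="
$installed |
    Where-Object { $_.DisplayName -match $watchRegex -or $_.Publisher -match $watchRegex } |
    Sort-Object DisplayName -Unique |
    Format-Table DisplayName, DisplayVersion, InstallDate -AutoSize

# Windows hotfixes installed recently.  InstalledOn can be empty for some
# entries, so filter those out before comparing dates.
$cutoff = (Get-Date).AddDays(-30)   # assumed window
Write-Host "=== Windows updates installed since $($cutoff.ToShortDateString()) ==="
Get-HotFix |
    Where-Object { $_.InstalledOn -and $_.InstalledOn -gt $cutoff } |
    Sort-Object InstalledOn -Descending |
    Format-Table HotFixID, Description, InstalledOn -AutoSize

# Ask Windows Update what is still missing.  This needs the Windows Update
# service (or a WSUS server) to be reachable from the machine.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$pending  = $searcher.Search("IsInstalled=0 and Type='Software'").Updates

Write-Host "=== Pending Windows updates: $($pending.Count) ==="
foreach ($update in $pending) {
    Write-Host (" - " + $update.Title)
}
```

An empty "installed in the last 30 days" list on a machine that is supposed to receive automatic updates, or a non-zero pending count, is the signal to act on; the first table tells you which Java and Adobe builds are actually present so you can compare them against the vendors' current releases.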