You higher keep on your toes when logging in to your account must you occur to be a shopper of Raiffeisen Bank – somebody is likely to be out to grab your credentials.
Malware researcher Lukas Stefanko has stumbled upon a brand new phishing marketing campaign concentrating on Raiffeisen Bank prospects. While new, the assault is primarily based on the notorious Android banking Trojan, MazarBot, which has beforehand been distributed through SMS, e mail spam and quite a few pretend pages.
The marketing campaign seeks to trick folks into filling of their logging credentials in a bogus web page, which seems completely equivalent to the unique Raiffeisen web site.
This is what the rip-off web page seems like in contrast with the actual factor
Once a person has entered their login particulars, the data is robotically despatched to the attacker. But this is not the place the assault ends.
Victims are then redirected to a different webpage the place they’re prompted to obtain and set up one other malicious app, disguised as a devoted Raiffeisen Bank Security app. The web page additionally options intensive step-by-step directions learn how to full the set up. There’s even a QR code for a simple obtain.
As the researcher explains, the core perform of the app is to lure customers into offering much more credentials.
For these , Stefanko has uploaded footage displaying how the malware works in motion. Check it out right here:
Stefanko notes that, because the attackers used an URL shortener to redirect to the obtain web page, he was capable of see what number of instances the hyperlink was accessed. Fortunately, the malicious software program was downloaded by lower than 40 folks in whole – most of whom had been primarily based in Austria.
This isn’t the primary time Raiffeisen Bank purchasers have been focused in malicious assaults. Back in March, the financial institution instructed Reuters several of its Polish branches fell victim to the Lazarus malware. The attack was quickly identified and resolved.