Cybercrime , Fraud Management & Cybercrime , Social Engineering
Phishing Kit Targets European Banks, Bypasses MFA
Cost of Phishing-as-a-Service Platform Ranges From $130 to $450 per MonthCybercriminals are targeting European banking clients with a phishing-as-a-service platform that retails for between $130 and $450 per month and allows fraudsters to bypass multifactor authentication.
See Also: OnDemand | 2024 Phishing Insights: What 11.9 Million User Behaviors Reveal About Your Risk
Resecurity researchers found a phishing kit they named V3B that has been operational since March 2023 and that allows fraudsters to mimic more than 50 financial institutions across the continent.
The phishing kit's retail price depends on the modules and supported banks included. It enables fraudsters to employ social engineering and spoofing tactics to trick victims into revealing sensitive information in order to intercept banking credentials and credit card details.
A threat actor named "Vssrtje" promotes the kit on Telegram and dark web communities. Researchers estimate hundreds of cybercriminals use this kit, resulting in significant financial losses for European banking customers. The Telegram channel associated with this group has over 1,255 members.
The V3B phishing kit is designed to evade detection and supports real-time interaction to bypass MFA. In addition to traditional tokens such as SMS codes, it handles QR Codes and PhotoTAN methods. PhotoTAN is a second-factor authentication app common in Germany and Switzerland that provides transaction authentication numbers by scanning pixelated graphics.
The kit also includes advanced obfuscation techniques and anti-bot measures to avoid detection.
In addition to targeting banks, the V3B kit supports the interception of credit card data. Recently, developers released a module to support International Card Services with templates in Dutch.
The kit's features include multicountry targeting, encrypted code, mobile and desktop interfaces, and live chat with victims.
VB3 uses the Telegram API to transmit intercepted payment data to fraudsters, alerting them to successful attacks. This allows attackers to initiate specific actions from the victim, such as asking for login details, SMS/OTP codes and credit card information.
Phishing attacks have caused substantial financial losses globally, and the European Union has been particularly vulnerable due to its significant economy and mature financial system.