Cybercrime , Fraud Management & Cybercrime , Social Engineering

Phishing Kit Targets European Banks, Bypasses MFA

Cost of Phishing-as-a-Service Platform Ranges From $130 to $450 per Month
Phishing Kit Targets European Banks, Bypasses MFA
The V3B phishing kit allows fraudsters to impersonate more than 50 banks spread across Europe. (Image: Shutterstock)

Cybercriminals are targeting European banking clients with a phishing-as-a-service platform that retails for between $130 and $450 per month and allows fraudsters to bypass multifactor authentication.

See Also: OnDemand | Combatting Rogue URL Tricks: How You Can Quickly Identify and Investigate the Latest Phishing Attacks

Resecurity researchers found a phishing kit they named V3B that has been operational since March 2023 and that allows fraudsters to mimic more than 50 financial institutions across the continent.

The phishing kit's retail price depends on the modules and supported banks included. It enables fraudsters to employ social engineering and spoofing tactics to trick victims into revealing sensitive information in order to intercept banking credentials and credit card details.

A threat actor named "Vssrtje" promotes the kit on Telegram and dark web communities. Researchers estimate hundreds of cybercriminals use this kit, resulting in significant financial losses for European banking customers. The Telegram channel associated with this group has over 1,255 members.

The V3B phishing kit is designed to evade detection and supports real-time interaction to bypass MFA. In addition to traditional tokens such as SMS codes, it handles QR Codes and PhotoTAN methods. PhotoTAN is a second-factor authentication app common in Germany and Switzerland that provides transaction authentication numbers by scanning pixelated graphics.

The kit also includes advanced obfuscation techniques and anti-bot measures to avoid detection.

In addition to targeting banks, the V3B kit supports the interception of credit card data. Recently, developers released a module to support International Card Services with templates in Dutch.

The kit's features include multicountry targeting, encrypted code, mobile and desktop interfaces, and live chat with victims.

VB3 uses the Telegram API to transmit intercepted payment data to fraudsters, alerting them to successful attacks. This allows attackers to initiate specific actions from the victim, such as asking for login details, SMS/OTP codes and credit card information.

Phishing attacks have caused substantial financial losses globally, and the European Union has been particularly vulnerable due to its significant economy and mature financial system.


About the Author

Prajeet Nair

Prajeet Nair

Assistant Editor, Global News Desk, ISMG

Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.