Tuesday, June 25, 2024

Hackers Attacking Banking Customers Using Phishing-As-A-Service V3B Toolkit

A cybercriminal group is selling and distributing a sophisticated phishing kit called “V3B” through Phishing-as-a-Service (PhaaS) and self-hosting methods, which targets EU banking customers and is designed to steal login credentials and one-time codes (OTPs) through social engineering tactics. 

Launched in March 2023 by “Vssrtje,”  the group has amassed a large Telegram channel with over 1,255 members, many of whom are skilled in various fraud techniques, focusing on European financial institutions and has resulted in millions of euros in losses as the criminals further employ money mules to process the stolen financial data. 

Telegram Channel

V3B utilizes customized templates designed to mimic legitimate online banking and e-commerce login and verification processes across various EU countries, including Ireland, the Netherlands, Finland, Austria, Germany, France, Belgium, Greece, Luxembourg, and Italy.

With ANYRUN You can Analyze any URL, Files & Email for Malicious Activity : Start your Analysis

The kit offers advanced features like localization and Multi-Factor Authentication (MFA) support, potentially increasing phishing campaign success rates. 

List of uAdmin Pages available

The V3B + UPanel phishing kit is a credential-stealing scam service sold on the dark web for $130-$450/month in cryptocurrency and uses obfuscated JavaScript to mimic online banking logins from various countries and bypass detection by anti-phishing systems and search engines. 

The kit includes features like multi-language support, anti-bot measures, mobile/desktop interfaces, and live chat to trick victims into revealing one-time passwords (OTPs) or credit card details while the stolen data is sent to the attacker through the Telegram API.  

advanced anti-bot system

A new phishing kit, V3B, targets online banking users by employing real-time interaction and QR code manipulation, which alerts attackers when a victim enters the phishing page, allowing them to dynamically request various credentials like SMS OTP, credit card details, or even a QR code. 

According to Resecurity, many financial services use a legitimate login method, which this QR code functionality exploits, and if the victim scans while logged in, the attacker can steal their session and gain unauthorized access.  

V3B kit actors approach

Fraudsters are developing new methods to bypass strong customer authentication (SCA) used in online banking, as a recent banking trojan kit includes functionalities to request PhotoTAN codes, a popular mobile banking authentication method in Germany and Switzerland that leverages a separate device to generate one-time passwords (OTPs) from special images. 

The kit supports Smart ID, another SCA method used in European and Baltic banking systems, suggesting that fraudsters are keeping pace with the adoption of new authentication technologies and actively developing methods to exploit them, which highlights the ongoing challenges faced by fraud prevention teams in securing customer accounts.

Looking for Full Data Breach Protection? Try Cynet's All-in-One Cybersecurity Platform for MSPs: Try Free Demo 


Latest articles

Hackers Attacking Windows IIS Server to Upload Web Shells

Windows IIS Servers often host critical web applications and services that provide a gateway...

WikiLeaks Founder Julian Assange Released in Stunning Deal with U.S.

WikiLeaks founder Julian Assange has been released from prison after reaching a deal with...

Four Members of FIN9 Hackers Charged for Attacking U.S. Companies

Four Vietnamese nationals have been charged for their involvement in a series of computer...

BREAKING: NHS England’s Synnovis Hit by Massive Cyber Attack

In a shocking development, the NHS has revealed that it was the victim of...

Threat Actor Claiming a 0-day in Linux LPE Via GRUB bootloader

A new threat actor has emerged, claiming a zero-day vulnerability in the Linux GRUB...

LockBit Ransomware Group Claims Hack of US Federal Reserve

The notorious LockBit ransomware group has claimed responsibility for hacking the U.S. Federal Reserve,...

Microsoft Power BI Vulnerability Let Attackers Access Organizations Sensitive Data

A vulnerability in Microsoft Power BI allows unauthorized users to access sensitive data underlying...

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles