Thursday, October 3, 2024
HomeCyber CrimeHackers Attacking Banking Customers Using Phishing-As-A-Service V3B Toolkit

Hackers Attacking Banking Customers Using Phishing-As-A-Service V3B Toolkit

Published on

A cybercriminal group is selling and distributing a sophisticated phishing kit called “V3B” through Phishing-as-a-Service (PhaaS) and self-hosting methods, which targets EU banking customers and is designed to steal login credentials and one-time codes (OTPs) through social engineering tactics. 

Launched in March 2023 by “Vssrtje,”  the group has amassed a large Telegram channel with over 1,255 members, many of whom are skilled in various fraud techniques, focusing on European financial institutions and has resulted in millions of euros in losses as the criminals further employ money mules to process the stolen financial data. 

Telegram Channel

V3B utilizes customized templates designed to mimic legitimate online banking and e-commerce login and verification processes across various EU countries, including Ireland, the Netherlands, Finland, Austria, Germany, France, Belgium, Greece, Luxembourg, and Italy.

- Advertisement - EHA

With ANYRUN You can Analyze any URL, Files & Email for Malicious Activity : Start your Analysis

The kit offers advanced features like localization and Multi-Factor Authentication (MFA) support, potentially increasing phishing campaign success rates. 

List of uAdmin Pages available

The V3B + UPanel phishing kit is a credential-stealing scam service sold on the dark web for $130-$450/month in cryptocurrency and uses obfuscated JavaScript to mimic online banking logins from various countries and bypass detection by anti-phishing systems and search engines. 

The kit includes features like multi-language support, anti-bot measures, mobile/desktop interfaces, and live chat to trick victims into revealing one-time passwords (OTPs) or credit card details while the stolen data is sent to the attacker through the Telegram API.  

advanced anti-bot system

A new phishing kit, V3B, targets online banking users by employing real-time interaction and QR code manipulation, which alerts attackers when a victim enters the phishing page, allowing them to dynamically request various credentials like SMS OTP, credit card details, or even a QR code. 

According to Resecurity, many financial services use a legitimate login method, which this QR code functionality exploits, and if the victim scans while logged in, the attacker can steal their session and gain unauthorized access.  

V3B kit actors approach

Fraudsters are developing new methods to bypass strong customer authentication (SCA) used in online banking, as a recent banking trojan kit includes functionalities to request PhotoTAN codes, a popular mobile banking authentication method in Germany and Switzerland that leverages a separate device to generate one-time passwords (OTPs) from special images. 

The kit supports Smart ID, another SCA method used in European and Baltic banking systems, suggesting that fraudsters are keeping pace with the adoption of new authentication technologies and actively developing methods to exploit them, which highlights the ongoing challenges faced by fraud prevention teams in securing customer accounts.

Looking for Full Data Breach Protection? Try Cynet's All-in-One Cybersecurity Platform for MSPs: Try Free Demo 

Latest articles

Northern Ireland Police to Pay £750,000 Fine Following Data Breach

The Police Service of Northern Ireland (PSNI) has been ordered to pay a £750,000...

ANY.RUN Upgrades Threat Intelligence to Identify Emerging Threats

ANY.RUN announced an upgrade to its Threat Intelligence Portal, enhancing its capabilities to identify...

Cisco Nexus Vulnerability Let Hackers Execute Arbitrary Commands on Vulnerable Systems

A critical vulnerability has been discovered in Cisco's Nexus Dashboard Fabric Controller (NDFC), potentially...

Hackers Now Exploit Ivanti Endpoint Manager Vulnerability to Launch Cyber Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of a new...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Northern Ireland Police to Pay £750,000 Fine Following Data Breach

The Police Service of Northern Ireland (PSNI) has been ordered to pay a £750,000...

Cisco Nexus Vulnerability Let Hackers Execute Arbitrary Commands on Vulnerable Systems

A critical vulnerability has been discovered in Cisco's Nexus Dashboard Fabric Controller (NDFC), potentially...

Hackers Now Exploit Ivanti Endpoint Manager Vulnerability to Launch Cyber Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of a new...