Phishing Kit Targets European Banks, Bypasses MFA

Summary: This article discusses the cost of a phishing-as-a-service platform and how cybercriminals are targeting European banking clients with this method.

Threat Actor: Cybercriminals | Cybercriminals
Victim: European banking clients | European banking clients

Key Point :

  • Cybercriminals are using a phishing-as-a-service platform to target European banking clients.
  • The cost of this platform ranges from $130 to $450 per month.
  • The phishing kit used by the cybercriminals allows them to impersonate more than 50 banks in Europe.

Cybercrime
,
Fraud Management & Cybercrime
,
Social Engineering

Cost of Phishing-as-a-Service Platform Ranges From $130 to $450 per Month

Phishing Kit Targets European Banks, Bypasses MFA
The V3B phishing kit allows fraudsters to impersonate more than 50 banks spread across Europe. (Image: Shutterstock)

Cybercriminals are targeting European banking clients with a phishing-as-a-service platform that retails for between $130 and $450 per month and allows fraudsters to bypass multifactor authentication.

See Also: OnDemand | Combatting Rogue URL Tricks: How You Can Quickly Identify and Investigate the Latest Phishing Attacks

Resecurity researchers found a phishing kit they named V3B that has been operational since March 2023 and that allows fraudsters to mimic more than 50 financial institutions across the continent.

The phishing kit’s retail price depends on the modules and supported banks included. It enables fraudsters to employ social engineering and spoofing tactics to trick victims into revealing sensitive information in order to intercept banking credentials and credit card details.

A threat actor named “Vssrtje” promotes the kit on Telegram and dark web communities. Researchers estimate hundreds of cybercriminals use this kit, resulting in significant financial losses for European banking customers. The Telegram channel associated with this group has over 1,255 members.

The V3B phishing kit is designed to evade detection and supports real-time interaction to bypass MFA. In addition to traditional tokens such as SMS codes, it handles QR Codes and PhotoTAN methods. PhotoTAN is a second-factor authentication app common in Germany and Switzerland that provides transaction authentication numbers by scanning pixelated graphics.

The kit also includes advanced obfuscation techniques and anti-bot measures to avoid detection.

In addition to targeting banks, the V3B kit supports the interception of credit card data. Recently, developers released a module to support International Card Services with templates in Dutch.

The kit’s features include multicountry targeting, encrypted code, mobile and desktop interfaces, and live chat with victims.

VB3 uses the Telegram API to transmit intercepted payment data to fraudsters, alerting them to successful attacks. This allows attackers to initiate specific actions from the victim, such as asking for login details, SMS/OTP codes and credit card information.

Phishing attacks have caused substantial financial losses globally, and the European Union has been particularly vulnerable due to its significant economy and mature financial system.

Source: https://www.bankinfosecurity.com/phishing-kit-targets-european-banks-bypasses-mfa-a-25395


“An interesting youtube video that may be related to the article above”