Researchers have stumbled upon a new phishing campaign targeting Raiffeisen Bank customers. The attack is based on the infamous Android banking Trojan, MazarBot, which has previously been distributed via SMS, email spam and numerous fake pages. The campaign seeks to trick people into entering their login credentials on a bogus page, which looks absolutely identical to the original Raiffeisen site.
Please see below for some thoughts on this from Leigh-Anne Galloway, Cyber Security Resilience lead at Positive Technologies:
“This type of attack relies on a phishing campaign to spread the malware. The attackers have scraped website content and bought a domain that looks similar to the real banking website.
“It’s important for users to check the website address (URL) to make sure this is consistent with the real bank. A lot of these types of attacks rely on the fact that a mobile browser will not display the full URL of the website; as we can see in this case, the first part of the domain seems very similar to the actual bank website. Remember it is very unlikely that any reputable company will ask you via email to make a bank transfer or provide personal information via email. Browse the website checking that all the pages work, look at the language used on the page. If it seems off, or there are misspellings, then trust your instinct and don’t use the website. Never download applications from untrusted sources and always check the permissions before installing.”