Raiffeisen Bank malware is phishing for your login credentials

Researchers have stumbled upon a new phishing campaign targeting Raiffeisen Bank customers. The attack is based on the infamous Android banking Trojan, MazarBot, which has previously been distributed via SMS, email spam and numerous fake pages. The campaign seeks to trick people into entering their login credentials on a bogus page that looks identical to the original Raiffeisen site.

Leigh-Anne Galloway, Cyber Security Resilience lead at Positive Technologies, commented on the campaign:

“This type of attack relies on a phishing campaign to spread the malware. The attackers have scraped website content and bought a domain that looks similar to the real banking website.

“It’s important for users to check the website address (URL) to make sure this is consistent with the real bank. A lot of these types of attacks rely on the fact that a mobile browser will not display the full URL of the website; as we can see in this case, the first part of the domain seems very similar to the actual bank website. Remember it is very unlikely that any reputable company will ask you via email to make a bank transfer or provide personal information via email. Browse the website, checking that all the pages work, and look at the language used on the page. If it seems off, or there are misspellings, then trust your instinct and don’t use the website. Never download applications from untrusted sources and always check the permissions before installing.”
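The look-alike domain check described in the quote above can be automated when triaging links at a mail gateway or web proxy. This is an added example, not part of the original article: the trusted domain `examplebank.example`, the sample URLs and the function names are constructed, and treating the last two labels as the registrable domain is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Constructed allowlist: stands in for the bank's real registrable domain.
TRUSTED = {"examplebank.example"}

def registrable(host):
    # Assumption: the registrable domain is the last two labels.
    # Production code should consult the Public Suffix List instead.
    return ".".join(host.split(".")[-2:])

def edit_distance(a, b):
    # Classic Levenshtein distance, computed one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    reg = registrable(host)
    if reg in TRUSTED:
        return "trusted"
    for good in TRUSTED:
        brand = good.split(".")[0]
        # The brand appears somewhere in the host, but the domain that was
        # actually registered is not the bank's. A truncated mobile address
        # bar would show only the familiar-looking leading part.
        if brand in host:
            return "lookalike:brand-in-host"
        # The registered domain is a few keystrokes away from the real one.
        if edit_distance(reg, good) <= 2:
            return "lookalike:near-miss"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample URLs.
    for u in ("https://www.examplebank.example/login",
              "https://examplebank.example.secure-login.test/",
              "https://examp1ebank.example/",
              "https://news.test/"):
        print(classify(u), u)
```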


One thought on “Raiffeisen Bank malware is phishing for your login credentials”

  1. DIFFERENT SPECIES OF PHISH
    The ability to effectively seize the phish every time, and help employees become more successful at identifying and thwarting phishers starts with a clear view into the types of campaigns that are used. These can be categorised as untargeted or targeted.

    UNTARGETED: AMATEUR
    This type of campaign sits on a blurred line between spam and phishing. Most of the emails are caught by email filters, and those that make it through rarely fool the average user. An example is the common 419 scam, which asks recipients for a small sum of money in exchange for a larger repayment at a later date. These can be simply discarded when found, and don’t merit further attention from the security team.

    UNTARGETED: SOPHISTICATED
    The distinction between this kind and the amateur untargeted approach is that it is designed to look more realistic and trick users into clicking on a malicious attachment or link. Often, phishers will leverage typical human behaviours – such as sending an email to ourselves – to improve the authenticity of their emails. Many of us send ourselves emails regularly, and are so busy in day-to-day work that we may or may not remember if we did indeed send a certain email. Phishers will take advantage of this to create an email that looks just like any other. These are still mass, widespread campaigns, but can be harder to detect. Again, this type typically does not warrant much follow-up, and users can be trained to delete them and move on.

    TARGETED: SPEAR PHISH
    Spear phishing is targeted at a specific individual, usually to either harvest credentials, drop malware, or both. These types of attacks are often not caught by email filters and can be much more dangerous than mass campaigns. Spear phishing has been reported to cost U.S. businesses an average sum of $1.8 million annually, and these attacks often require involvement of the information security team to add safeguards against the phishers identified.

    TARGETED: BUSINESS EMAIL COMPROMISE (BEC)
    This type of phish is evolving quickly – the FBI’s Internet Crime Complaint Centre noted a 1,300 percent increase in exposed losses from these attacks since January 2015. It is also the most dangerous species as it involves spoofing the domains of a target’s trusted colleagues and partners, through emails usually directed at high-ranking executives or officials with the aim to steal money or IP.
