Researchers have observed an increase in phishing attacks delivering banking trojans and targeting some of the most well-known banks and potentially affecting millions of customers.
India: the prime target
Trend Micro researchers found five banking malware families targeting customers of seven banks in India via phishing campaigns.
The common factor among all attacks is the entry point which is a text message with a phishing link. The SMS content lures the victims to open the embedded phishing link or malicious app download page.
The malware families—Elibomi, FakeReward, AxBanker, IcRAT, and IcSpy—are being distributed via these phishing emails.
It aims at stealing personal and financial details, tricking the victim to fill in their personal information and credit card details to allegedly get a tax refund or credit card reward points.
Vultur, the banking trojan
Cleafy researchers have found a different campaign, which is using the Google Play Store to deliver Vultur banking malware using a dropper application.
Vultur has improved its techniques to stay undetected as its dropper performs multiple checks before downloading the malware.
It uses advanced evasion techniques before downloading the malware, including steganography, file deletion, and code obfuscation.
The banking trojan has reached a total of more than 100,000 downloads on the Google Play Store.
Conclusion
One common thing among these attacks is that the malware developers are aggressive in developing more capabilities and adding evasion techniques. Experts further indicated that new sophisticated dropper malware could be expected in official stores in the next few months. Therefore, to stay protected, users should remain vigilant and follow best practices, including double-checking the messages and links when providing any sensitive information online.