In their predictions for 2022, cyber security experts from Check Point Software Technologies indicated that phishing would be one of the tactics most frequently used by cybercriminals. As it turns out, this trend is already intensifying at the end of 2021, including in Poland: at the end of November, the media reported on a phishing campaign targeting mBank's customers, and just a few days earlier, the Sandomierz police described an incident in which fraudsters swindled a 37-year-old woman out of over PLN 30,000. In September last year, cybercriminals tried to take advantage of the epidemic situation by pretending to be a sanitary inspection.
According to Check Point Research experts, there will be more and more activity of this type, such as the recent social engineering SMS campaign against Iranian citizens, in which cybercriminals pretending to be the Iranian government sent out messages encouraging recipients to download malicious Android applications that were supposed to facilitate the handling of court cases. In fact, the application was created to steal credit card credentials and two-factor authentication codes. Once these were obtained, the cybercriminals had an open path to make unauthorized withdrawals from their victims' accounts.
Experts explain that the Iranian campaign used a technique known as a "smishing" botnet, in which compromised devices are used as bots to spread similar phishing SMS messages to other potential victims. Analysts estimate that the cybercriminals behind the attacks compromised and installed malware on tens of thousands of Android devices, resulting in the theft of billions of Iranian rials.
According to estimates, the average loot from each victim could be as high as $1,000-2,000. Moreover, an investigation by Check Point Research revealed that data stolen from victims' devices was freely available online to third parties because it was not adequately protected.
- The attack started with a phishing SMS. In many cases, this was a message purporting to come from the Electronic Judicial Notification System, notifying the victim that a new complaint had been made against them. The SMS contained a link to a website for further investigation of the complaint.
- The website encouraged the user to download a malicious Android app and enter credit card details under the guise of a small service fee.
- Once installed, the malicious application stole all SMS messages from the infected device, allowing the attackers to use the credit card, because they had access to the two-factor authentication codes that credit card companies send by SMS.
- The malicious application periodically checked the attacker-controlled C&C server for new commands to execute. The most notable was the command to send additional phishing SMS messages to a list of new phone numbers.
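For defenders triaging a suspicious APK, the behaviours in the steps above (reading SMS, sending SMS, polling a server) show up in the permissions the app requests. The sketch below is an added example, not code from Check Point Research; the manifests are constructed samples, and the behaviour-to-permission mapping and the `triage` helper are this example's assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed mapping (this example's, not Check Point's) from the behaviours in
# the steps above to the Android permissions an app must request for them.
BEHAVIOURS = {
    "reads incoming SMS (2FA code theft)": {P + "READ_SMS", P + "RECEIVE_SMS"},
    "sends SMS (smishing propagation)": {P + "SEND_SMS"},
    "network access (C&C polling)": {P + "INTERNET"},
}

# Constructed sample manifests, already decoded from the APK's binary XML.
SUSPICIOUS_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.courtnotice">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

BENIGN_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.weather">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

def triage(manifest_xml):
    """Return the package, matched behaviours, and a needs-review flag."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        perms |= {el.get(ANDROID_NS + "name") for el in root.iter(tag)}
    hits = sorted(name for name, needed in BEHAVIOURS.items() if perms & needed)
    # All three together match the described chain. Legitimate messaging apps
    # also match, so the flag means "review", not "malicious".
    return {"package": root.get("package"), "behaviours": hits,
            "review": len(hits) == len(BEHAVIOURS)}

if __name__ == "__main__":
    for sample in (SUSPICIOUS_MANIFEST, BENIGN_MANIFEST):
        print(triage(sample))
```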
Unfortunately, similar attacks may also affect Poles in the future. According to experts, hackers use, among other things, Telegram channels to promote and sell the tools used in the Iranian phishing attacks. For $50-150, cybercriminals provide the full Android Campaign Kit, including a malicious application and basic infrastructure along with a control panel that any unskilled attacker can easily manage through a simple Telegram bot interface! This means that similar tricks could also be used against other Android and online banking users in the coming months.