Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Monday February 24 2020, @11:43AM   Printer-friendly
from the emotet,-emotet,-emotet dept.

SMS Attack Spreads Emotet, Steals Bank Credentials:

A new Emotet campaign is spread via SMS messages pretending to be from banks and may have ties to the TrickBot trojan.

Attackers are sending SMS messages purporting to be from victims' banks – but once they click on the links in the text messages, they are asked to hand over their banking credentials and download a file that infects their systems with the Emotet malware.

Emotet has continued to evolve since its return in September, including a new, dangerous Wi-Fi hack feature disclosed last week that can let the malware spread like a worm. Now, this most recent campaign delivers the malware via "smishing," a form of phishing that relies on text messages instead of email. While smishing is certainly nothing new, researchers say that the delivery tactic exemplifies Emotet's operators constantly swapping up their approaches to go beyond mere malspam emails – making it hard for defense teams to keep up.

[...] The SMS messages purport to be from local U.S. numbers and impersonate banks, warning users of locked bank accounts. The messages urge victims to click on a link, which redirects them to a domain that's known to distribute Emotet (shabon[.]co). Visually, when victims click on the link they see a customized phishing page that mimics the bank's mobile banking page.

Threatpost has reached out to X-Force researchers regarding how many victims have received the SMS messages, and which banks the messages purport to be associated with.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Monday February 24 2020, @06:41PM

    by Anonymous Coward on Monday February 24 2020, @06:41PM (#961922)

    "I'm pretty sure I never saw /Politicians Fear Envelope Attack/ headlines when the anthrax white powder scares were going around"

    Yeah but some probably called it a "mail" attack.