Cybercriminals attack banking customers in EU with V3B phishing kit

June 10, 2024, 11:31 a.m.

Description

An analysis reveals that a cybercriminal group is distributing sophisticated phishing kits to target banking customers in the European Union. These kits, designed to steal sensitive information like credentials and OTP codes, utilize social engineering tactics to deceive victims into revealing personal data. The kit, called 'V3B,' is available through a Phishing-as-a-Service model and can be self-hosted. It supports over 54 financial institutions, featuring customized templates that mimic online banking and e-commerce systems across multiple European countries. The threat actors employ advanced techniques like encrypted code, anti-bot measures, live chat interactions, and support for features like QR Codes, PhotoTAN, and Smart ID for authentication bypass. The phishing kit has gained a significant user base, estimated at hundreds of cybercriminals, resulting in substantial financial losses for banking customers across the EU.

External References

https://www.resecurity.com/blog/article/cybercriminals-attack-banking-customers-in-eu-with-v3b-phishing-kit
https://otx.alienvault.com/pulse/6666e16598de923f59eb5c07
Tags
phishing
cybercrime
fraud
social-engineering
banking
2024-06-10

Date

  • Created: June 10, 2024, 11:20 a.m.
  • Published: June 10, 2024, 11:20 a.m.
  • Modified: June 10, 2024, 11:31 a.m.

Indicators

  • https://mijni-cs.bezoeknummer0734859938.info/sca/7a970cab144c3e89685550829fe62941/login
  • http://verifieer-nu.com/verificatie/66422f472f10c
  • http://valideren-mijn-ics-web1.online/sq0.php?session=664483b236193
  • http://redirect-bunq-client.ru/account/321/
  • http://reaktivieren-icsservice.nl/icscard.nl-v1/
  • http://reaktivieren-icsservice.nl/icscard.nl-v1/ics-log.php
  • http://lnloggen-app.online/
  • http://lcs-valideren.online/ics/sca-app/663e0152c96c0
  • http://kontoaktualisierer-nl.com/icscard.nl-v1
  • http://gemiste-aanmaning.com/belasting
  • http://ics-beveiligde-verificatie.com/sqi.php
  • http://bvstigveriapp.online/pay/664130fb17583
  • http://bunq-app-nl.net/K8IjL9/1M3k/lgn
  • http://app-lnloggen.online/authenticatie/inloggen/nl
  • http://abnamro.nl-appverifi.com/3/jjfosp/o34432fpo/index4.php
  • bltvavo-bevestig.nt8zd3.ru
  • mijni-cs.bezoeknummer0734859938.info
  • accounxt.bitvaqvio.nl-csdki.com
  • abnamro.nl-appverifi.com
  • verifieer-nu.com
  • verifieer-gegevens.com
  • valideren-mijn-ics-web1.online
  • redirect-bunq-client.ru
  • reaktivieren-icsservice.nl
  • reaktivieren-icscard.nl
  • nl-appverifi.com
  • nl-bunq-bijwerkerking.com
  • lnloggen-app.online
  • lcs-valideren.online
  • kundenaktualisierungen.cc
  • icscardsvoorschriften.nl
  • kontoaktualisierer-nl.com
  • icscards-nl.com
  • ics-beveiligde-verificatie.com
  • ics-cards.org
  • gemiste-aanmaning.com
  • bunq-app-nl.net
  • bvstigveriapp.online
  • black-loans7.shop
  • bezoeknummer48912543221.info
  • belastingoverzicht.info
  • belastingdienst-schuld.nl
  • app-lnloggen.online
  • abn-amro-gobal.com
Download all indicators here!

Attack Patterns

  • Vssrtje

Additional Informations

  • Finance
  • Luxembourg
  • Finland
  • Ireland
  • Greece
  • Austria
  • Belgium
  • Netherlands
  • Italy
  • France
  • Germany
  • United Kingdom of Great Britain and Northern Ireland