Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

Threat actor targeting UK banks in ongoing AnyDesk social engineering campaign

Aug. 9, 2024, 12:12 p.m.

Description

Threat analysts are tracking an ongoing campaign that employs fake websites and social engineering tactics to distribute a malicious version of the AnyDesk remote access software to Windows and macOS users. Once installed on a victim's machine, it is being utilized to steal data and money. The campaign primarily targets UK banks like HSBC, Natwest, Lloyds, Santander, and Virgin Money, as well as Avast, Ledger, and Wise.

Date

Published: Aug. 9, 2024, 11:45 a.m.

Created: Aug. 9, 2024, 11:45 a.m.

Modified: Aug. 9, 2024, 12:12 p.m.

Indicators

193.143.1.14

91.215.85.79

wisebanksupport.com

wise-chatonline.com

viriginmoneychatonline.com

virginmoneyonlinechat.com

virginmoneylivehelp.com

virginmoneychatonline.com

virginmoney-onlinechat.com

virginmoney-help.com

virginmoney-online.com

virginmoney-chatonline.com

virginmoney-chat.com

remotesupport.help

natwestonlinesupport.com

natwestlivechathelp.com

natwestchathelp.com

natwestchat.com

lloydsbankhelp.com

liveapp-support.com

ledgeronlinehelp.com

ledgerhelpwithmydevice.com

ledgerhelponline.com

ledger-webapp.com

hsbcliveportal.com

hsbchelponline.com

helpbusinessonline-boi.com

hsbchelp.com

ezjay-krasivo.ru

cooponlinechat.com

boionlinehelp.com

boihelponline.com

boi-support.com

boi-chat.com

barclayswebhelp.com

barclays-online-support.com

bankofirelandonlinehelp.com

bankofirelandhelpportal.com

avastvx.com

avastsp.com

avastsgp.com

avastpst.com

avastsf.com

avastnw.com

avastga.com

avastcv.com

avastcsw.com

anz-livechatsupport.com

anzsupport-livechat.com

anz-help.com

Attack Patterns

AnyDesk

T1200

T1071.004

T1528

T1059.001

T1572

T1497

T1071.001

T1105

T1055

T1219

T1498

T1204

T1566

T1059

Additional Informations

Finance

United Kingdom of Great Britain and Northern Ireland