Threat actor targeting UK banks in ongoing AnyDesk social engineering campaign
Aug. 9, 2024, 12:12 p.m.
Description
Threat analysts are tracking an ongoing campaign that employs fake websites and social engineering tactics to distribute a malicious version of the AnyDesk remote access software to Windows and macOS users. Once installed on a victim's machine, it is being utilized to steal data and money. The campaign primarily targets UK banks like HSBC, Natwest, Lloyds, Santander, and Virgin Money, as well as Avast, Ledger, and Wise.
Tags
Date
- Created: Aug. 9, 2024, 11:45 a.m.
- Published: Aug. 9, 2024, 11:45 a.m.
- Modified: Aug. 9, 2024, 12:12 p.m.
Indicators
- 193.143.1.14
- 91.215.85.79
- wisebanksupport.com
- wise-chatonline.com
- viriginmoneychatonline.com
- virginmoneyonlinechat.com
- virginmoneylivehelp.com
- virginmoneychatonline.com
- virginmoney-onlinechat.com
- virginmoney-help.com
- virginmoney-online.com
- virginmoney-chatonline.com
- virginmoney-chat.com
- remotesupport.help
- natwestonlinesupport.com
- natwestlivechathelp.com
- natwestchathelp.com
- natwestchat.com
- lloydsbankhelp.com
- liveapp-support.com
- ledgeronlinehelp.com
- ledgerhelpwithmydevice.com
- ledgerhelponline.com
- ledger-webapp.com
- hsbcliveportal.com
- hsbchelponline.com
- helpbusinessonline-boi.com
- hsbchelp.com
- ezjay-krasivo.ru
- cooponlinechat.com
- boionlinehelp.com
- boihelponline.com
- boi-support.com
- boi-chat.com
- barclayswebhelp.com
- barclays-online-support.com
- bankofirelandonlinehelp.com
- bankofirelandhelpportal.com
- avastvx.com
- avastsp.com
- avastsgp.com
- avastpst.com
- avastsf.com
- avastnw.com
- avastga.com
- avastcv.com
- avastcsw.com
- anz-livechatsupport.com
- anzsupport-livechat.com
- anz-help.com
Attack Patterns
- AnyDesk
- T1200
- T1071.004
- T1528
- T1059.001
- T1572
- T1497
- T1071.001
- T1105
- T1055
- T1219
- T1498
- T1204
- T1566
- T1059
Additional Informations
- Finance
- United Kingdom of Great Britain and Northern Ireland