June 4, 2024 at 02:56PM
Cybercriminals are promoting ‘V3B,’ a new phishing kit on Telegram targeting customers of major financial institutions in multiple European countries. The kit, priced between $130-$450 per month, features advanced obfuscation, localization options, and a live chat for real-time interactions to obtain sensitive information. This indicates a growing trend in cybercrime.
From the meeting notes, it’s clear that a new phishing kit named ‘V3B’ is being heavily promoted on Telegram and is specifically targeting customers of 54 major financial institutes in multiple European countries. The kit is being priced between $130 and $450 per month, depending on the features purchased, and offers advanced obfuscation, localization options, OTP/TAN/2FA support, live chat with victims, and various evasion mechanisms.
The Resecurity researchers who discovered V3B noted that its Telegram channel already has over 1,250 members, indicating quick traction in the cybercrime space. This phishing-as-a-service (PhaaS) platform is designed to work on both mobile and desktop platforms, intercepting banking account credentials and credit card details, and allowing real-time interaction with victims through a live chat feature.
The stolen information is transmitted back to cybercriminals through the Telegram API, and the kit also supports features such as QR code login jacking, which takes advantage of a false sense of legitimacy, and technologies to bypass advanced authentication methods used by German and Swiss banks. Resecurity emphasized that such phishing kits enable low-skilled threat actors to launch highly damaging attacks against unsuspecting bank customers.
Additionally, the meeting notes reference the recent takedown of LabHost, one of the largest PhaaS operations, which mainly targeted U.S. and Canadian banks. This suggests that there is a growing challenge in combating account takeover for both private and corporate customers.