Fifty-four leading banking organizations in Austria, Belgium, Finland, France, Germany, Greece, Ireland, Italy, Luxembourg, and the Netherlands had their customers subjected to attacks with the novel V3B phishing-as-a-service platform, which is being increasingly accessed by threat actors via Telegram, according to BleepingComputer.
Developed on a custom CMS, the V3B phishing kit not only features phishing pages translated into several languages but also enables the interception of one-time passwords and banking account details, which are then exfiltrated using the Telegram API, a report from Resecurity revealed. Aside from allowing QR code generation for phishing pages, V3B also features Smart ID and Photo TAN support aimed at evading Swiss and German banks’ authentication methods.
“…[T]he fact that fraudsters have started to implement support of alternative OTP/TAN validation mechanisms, rather than relying solely on traditional SMS-based methods, may confirm the challenges that fraud prevention teams will face in combating account takeover for both private and corporate customers,” researchers said.