Hackers are again attacking Portuguese banking organizations via Android Trojan-Banker.
The threat is not new, hackers are again attacking clients of Portuguese banking organizations via a specially crafted Android Trojan-Banker from phishing campaigns launched from Brazil.
The last occurrence this line was recorded on March 13rd, 2020, where a similar Trojan-Banker was disseminated targeting other clients of different banking organizations.
List of some baking campaigns this Brazilian threat group has performed in Portugal:
13/03 – Novo Banco Trojan-Banker12/03 – Caixa Geral Depósitos13/02 – Millennium BCP e Montepio20/01 – Montepio e Millennium BCP14/01 – Santander e Novo Banco12-2019/01-2020: Lampion Trojan(…)
The campaign starts with newly domain names that mimic the target organization. The domains are usually registered on the day before (or on the same day) on which the threat occurs.
All the noticed campaigns have been registered on 0xSI_f33d, an open-sharing feed focused on malicious campaigns only targeting Portuguese citizens.
Figure 1: 0xSI_f33d – feed that compiles phishing and malware campaigns targeting only Portuguese citizens.
These campaigns have been noticed from the beginning of 2020, where phishing and smishing campaigns are launched to target users probably obtained via other malicious waves.
Figure 3: Templates used in the malicious campaigns in Portugal.
What is the main advantage of a malicious ..
Support the originator by clicking the read the rest link below.
