Researchers have discovered a new SMS phishing campaign
targeting mobile numbers in the United States aiming to steal online banking
credentials and install the Emotet malware wherever possible.
SMS phishing campaigns, also known as smishing, follows a
straightforward recipe. Victims receive an SMS message with an embedded link,
sending them to a malicious site. Sometimes, it’s just a phishing scheme, with
attackers looking to steal credentials. But the same platform can be used to trick
people into installing malware, which could serve a variety of purposes,
including transforming the device into a bot for other attacks.
This is the case with this current smishing campaign,
which aims to do as much damage as possible, and that includes stealing
credentials and infecting terminals with malware. When people open the link in the
SMS warning them about a locked bank account, they are redirected to a website
that looks very much like the real deal but with a different domain.
“Our researchers found the file on the distributing
domain and looked into some obfuscated malicious PowerShell scripts that led us
to additional Emotet-serving domains,” said
the IBM X-Force researchers. The attackers used a known obfuscation technique
that’s found in the TrickBot malware, so it’s possible there’s a connection
between the two.
Smishing is part of the same family as phishing (email)
and vishing (voice). Tricking users into providing their credentials to a
third-party is the main objective. Users should always check the links and
messages received via SMS or emails and remember that banks don’t request
personal details, including user names, passwords, credit card numbers, PIN, or
anything else, through online connections.
It’s also a good idea to install a security solution, no
matter the platform (PC, Mobile, iOS and MacOS,) that can spot possible
phishing attempts and prevent the installation of malware.