This dangerous new phishing kit is hitting victims across Europe

V3B is being used to impersonate dozens of financial firms already

Cybersecurity researchers from Resecurity have spotted a new phishing kit which is quickly gaining serious traction among cybercriminals.

V3B costs between $130 and $450 per month, depending on the feature pack that the buyer acquires. The developers advertise it via Telegram, in a group which quickly grew to more than 1,250 members.

A phishing kit is a collection of software tools and resources that cybercriminals use to launch phishing attacks. These kits simplify the process of creating and managing phishing campaigns, making it easier for attackers to deceive users into providing sensitive information. Usually, phishing includes an email that pressures the victim into a hasty reaction, and a landing page (usually a fake login page from a known service such as Office 365 or Google) where the sensitive login credentials are harvested.

Grabbing one-time passwords

V3B creates professionally-designed templates that can mimic many well-known websites and services. It uses heavily obfuscated JavaScript code over a custom content management system (CMS), successfully evading detection from many anti-phishing and search engine bots. The landing pages come in different languages, including Suomi (Finnish), French, Italian, Polish, and German.

Its users are currently impersonating 54 major financial institutions in Ireland, the Netherlands, Finland, Austria, Germany, France, Belgium, Greece, Luxembourg, and Italy, it was said. However, most financial institutions these days require one-time passwords, or multi-factor authentication, as a second layer of security.

V3B can successfully bypass this as well, as it comes with an admin panel (uPanel) that allows the scammers to talk to their victims via a chat interface. That way, they can trick the victims into sharing the codes, and apparently, the ruse works quite well.

Finally, the kit is designed to work on both mobile and desktop platforms.

“Technologies used for customer authentication by banks may vary,” the researchers said. “However, the fact that fraudsters have started to implement support of alternative OTP/TAN validation mechanisms, rather than relying solely on traditional SMS-based methods, may confirm the challenges that fraud prevention teams will face in combating account takeover for both private and corporate customers.”

Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
