Attackers Use SMS Phishing to Steal Credentials and Install Emotet Malware

Researchers have discovered a new SMS phishing campaign targeting mobile numbers in the United States that aims to steal online banking credentials and install the Emotet malware wherever possible.

SMS phishing campaigns, also known as smishing, follow a straightforward recipe. Victims receive an SMS message with an embedded link that sends them to a malicious site. Sometimes it’s just a phishing scheme, with attackers looking to steal credentials. But the same platform can be used to trick people into installing malware, which could serve a variety of purposes, including turning the device into a bot for other attacks.

That is the case with the current smishing campaign, which aims to do as much damage as possible, including stealing credentials and infecting devices with malware. When people open the link in an SMS warning them that their bank account has been locked, they are redirected to a website that looks very much like the real one but sits on a different domain.

“Our researchers found the file on the distributing domain and looked into some obfuscated malicious PowerShell scripts that led us to additional Emotet-serving domains,” said the IBM X-Force researchers. The attackers used a known obfuscation technique that’s found in the TrickBot malware, so it’s possible there’s a connection between the two.

Smishing belongs to the same family as phishing (email) and vishing (voice): tricking users into handing their credentials to a third party is the main objective. Users should always check the links and messages they receive via SMS or email, and remember that banks don’t request personal details, including user names, passwords, credit card numbers, PINs or anything else, through online connections.
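The link check recommended above, as an added example (not code from the original post or from IBM X-Force): a small Python classifier that extracts URLs from an SMS, compares each link's registered domain against a trusted allowlist, and flags a bank's brand name appearing under a different domain, which is the lookalike pattern described earlier. The trusted domain, brand tokens, lure phrases and sample messages are constructed for the example.

```python
import re
from urllib.parse import urlparse

# Constructed values for this example: the legitimate bank domain a defender
# trusts, brand tokens attackers put into lookalike links, and lure phrases.
TRUSTED_DOMAINS = {"example-bank.com"}
BRAND_TOKENS = ("example-bank", "examplebank")
LURE_PHRASES = ("locked", "suspended", "verify your account")
URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.IGNORECASE)

def registrable_domain(host: str) -> str:
    # Approximation: last two labels. Assumption: a real deployment would use
    # the Public Suffix List so that e.g. bank.co.uk is handled correctly.
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def extract_urls(text: str) -> list[str]:
    urls = []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;:)")
        urls.append(url if url.lower().startswith("http") else "http://" + url)
    return urls

def analyse_sms(text: str) -> dict:
    """Classify one SMS: no_link, trusted, untrusted or lookalike link."""
    findings = []
    for url in extract_urls(text):
        domain = registrable_domain(urlparse(url).hostname or "")
        if domain in TRUSTED_DOMAINS:
            findings.append(("trusted", url))
        # Brand name present but a different registered domain: the
        # "looks like the real deal but with a different domain" pattern.
        elif any(tok in url.lower() for tok in BRAND_TOKENS):
            findings.append(("lookalike", url))
        else:
            findings.append(("untrusted", url))
    rank = {"no_link": 0, "trusted": 1, "untrusted": 2, "lookalike": 3}
    verdict = max((k for k, _ in findings), key=rank.get, default="no_link")
    lure = any(phrase in text.lower() for phrase in LURE_PHRASES)
    return {"verdict": verdict, "lure": lure, "links": findings}

# Constructed sample messages (not from the campaign in the article).
SMS_LOOKALIKE = ("Example Bank: your account has been locked. Restore access at "
                 "https://example-bank.com.account-verify.net/login")
SMS_TRUSTED = "Example Bank: your statement is ready at https://example-bank.com/statements."
```

Running `analyse_sms` over the two samples yields `lookalike` with the lure flag set for the first and `trusted` without it for the second; a message with no link returns `no_link`.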

It’s also a good idea to install a security solution, no matter the platform (PC, mobile, iOS and macOS), that can spot possible phishing attempts and prevent the installation of malware.

*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Silviu STAHIE. Read the original post at: