Researchers have discovered a new SMS phishing campaign targeting mobile numbers in the United States, aiming to steal online banking credentials and install the Emotet malware wherever possible.
SMS phishing campaigns, also known as smishing, follow a straightforward recipe. Victims receive an SMS message with an embedded link that sends them to a malicious site. Sometimes, it’s just a phishing scheme, with attackers looking to steal credentials. But the same platform can be used to trick people into installing malware, which could serve a variety of purposes, including transforming the device into a bot for other attacks.
This is the case with this current smishing campaign, which aims to do as much damage as possible, and that includes stealing credentials and infecting terminals with malware. When people open the link in the SMS warning them about a locked bank account, they are redirected to a website that looks very much like the real deal but with a different domain.
“Our researchers found the file on the distributing domain and looked into some obfuscated malicious PowerShell scripts that led us to additional Emotet-serving domains,” said the IBM X-Force researchers. The attackers used a known obfuscation technique that’s found in the TrickBot malware, so it’s possible there’s a connection between the two.
Smishing is part of the same family as phishing (email) and vishing (voice). Tricking users into providing their credentials to a third party is the main objective. It’s also a good idea to install a security solution, no matter the platform (PC, Mobile, iOS and macOS), that can spot possible phishing attempts and prevent the installation of malware.
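The lure described above depends on a domain that resembles the bank's but is not the bank's. As an added example (not code from the researchers or the original article), the following Python check flags such links in an SMS body; the bank domain, brand token and sample message are constructed placeholders, since the article names none.

```python
import re
from urllib.parse import urlsplit

# Constructed placeholders: the article does not name the bank or its domain.
LEGIT_DOMAINS = {"examplebank.com"}
BRAND_TOKENS = {"examplebank"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# Undo common digit-for-letter swaps and drop separators before matching.
NORMALIZE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                           "-": "", ".": "", "_": ""})

def is_legit(host):
    """True only for an allowlisted domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)

def classify_url(url):
    """Return 'legitimate', 'lookalike', 'unknown' or 'no-host'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "no-host"
    if is_legit(host):
        return "legitimate"
    # Check the whole authority so a brand name placed in the userinfo
    # part (brand.com@other-host) is caught as well.
    flattened = parts.netloc.lower().translate(NORMALIZE)
    if any(token in flattened for token in BRAND_TOKENS):
        return "lookalike"
    return "unknown"

def scan_sms(text):
    """Extract every link from an SMS body and classify it."""
    urls = [u.rstrip(".,;:!?)") for u in URL_RE.findall(text)]
    return [(u, classify_url(u)) for u in urls]

# Constructed sample message modelled on the "locked account" lure.
SAMPLE_SMS = ("ALERT: Your Example Bank account is locked. "
              "Unlock now: http://examp1ebank-alerts.example/unlock")

if __name__ == "__main__":
    for url, verdict in scan_sms(SAMPLE_SMS):
        print(f"{verdict:10} {url}")
```

A brand token in a host that is not on the allowlist is a signal for review, not proof of fraud; the allowlist has to be maintained per institution.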
Here’s how users can check if an SMS message or email is actually a scam.