Emotet Malware Shows Up in SMiShing Attacks Disguised as Bank Notifications



spreading-malwareA newly discovered attack looks to try to make a victim of mobile device holders using a two-pronged attack that uses Emotet and, perhaps, Trickbot.

Security researchers at IBM X-Force have uncovered a new SMiShing attack in which mobile phones are sent a text purporting to be the victim’s bank with a message indicating the account has been locked and requires immediate attention. Using fake bank domains, preoccupied users may miss the fact that the address being used isn’t quite right.

Users that click the link are taken to domains known to distribute Emotet, as well as are presented with phishing pages designed to look like the banking logon page.

According to X-Force researchers, junk news content is found in the initial payload binary – a method used by creators of the Trickbot trojan.

While the attack seems to focus on credential theft, it may be a test pilot for a future campaign. The ability to infect with malware depends on the victim’s client OS, and there’s no current way for cybercriminals to know the make and OS of a victim’s phone ahead of time.

Users need to be mindful of each piece of information provided to them in any kind of unsolicited message – whether via text, in email, or on the web. Users need to be taught with Security Awareness Training to always be suspicious of messages and to look at any provided details (e.g., the domain name provided in the SMiShing attack) to quickly determine it’s bogus and potentially threatening to the user and their organization.


Request A Demo: Security Awareness Training

products-KB4SAT6-2-1New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!

Save My Spot!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://info.knowbe4.com/kmsat-request-a-demo

Subscribe To Our Blog


Your Coronavirus and Work From Home Resource Center




Get the latest about social engineering

Subscribe to CyberheistNews