Hackers target bank clients in Czechia, Hungary and Georgia in novel phishing campaign - #SpyBanker
Cybersecurity researchers have discovered an intricate phishing campaign targeting bank clients in Czechia, Hungary, and Georgia. The attackers used malicious banking applications that mimicked legitimate ones to steal user data, distributing these apps through third-party websites to bypass security warnings. This campaign, which began in November of the previous year, utilized automated voice calls, SMS messages, and social media ads to convince victims to install the malicious apps. These progressive web applications (PWAs) could access device features such as microphones and cameras, and the phishing websites even imitated the Google Play Store. ESET, the cybersecurity firm that identified these threats, has been collaborating with affected banks to dismantle phishing domains and hacker-controlled servers. Similar attacks were observed in Poland, and experts anticipate that such sophisticated phishing tactics will persist due to the challenge of distinguishing between legitimate and phishing apps once installed.