Sophisticated Phishing Scam Linked to Hackers
Robin Banks is doing just as its name suggests. It is the latest hacking threat launched against the banking industry. The brand-new scam has been identified as a phishing-as-a-service (PhaaS) platform. The phishing scam dubbed “Robin Banks” utilizes pre-made phishing kits that are maliciously coded by criminal hackers.
According to cyber security specialists, the malware’s sole intention is to target individuals that are bank account holders at some of the USA’s most reputable banks. In addition, the hackers have targeted financial institutions in other countries and other online businesses.
The Robin Banks virus also targets and steals private info from accounts with popular brands like T-Mobile, Netflix, Google, and Microsoft. Using maliciously coded templates, the hackers additionally hacked accounts from major financial institutions such as Wells Fargo, Citibank, Capital One, Bank of America, PNC, and U.S. Bank.
Robin Banks is also responsible for hacking attacks on global financial entities such as Lloyds Bank, Santander, and the Commonwealth Bank of Australia. These are just a few of the high-profile companies that the criminal hackers have unleashed the dangerous malware on.
According to IronNet, the Robin Banks malware has featured in extensive hacking campaigns since the security team first discovered it. The analysts documented that they have traced the hijacking campaign to mid-June, when the dark web hackers utilized phishing email campaigns and SMS messages to target victims.
IronNet analysts uncovered that the criminal hackers’ phishing themes effectively produced high-quality attacks, which are capable of reaching customers associated with some of the major financial institutions in the USA, and even other monetary establishments in other parts of the world.
Robin Banks, 16Shop and BulletProftLink Scams
Robin Banks, professionally designed to produce high-quality phishing attacks quickly, offered criminal hacking groups two price tiers. For $50 per month, the threat actors got single-page phishing attacks and 24/7 customer service assistance. The second tier, at $200 per month, gave unlimited access to all the templates available, as well as 24/7 assistance from the creator of the new malware.
Additionally, the threat actors get access to a dashboard to analyze the success of launched phishing campaigns. They also received hacking tools that quickly construct new phishing campaigns, and even money management was part of the package. The kit also includes a reCAPTCHA setup that prevents bot signups, and it monitors user agent strings to exclude some individuals.
With its highly focused ads, Robin Banks even outperforms more expensive phishing campaigns like 16Shop and BulletProftLink. Even though these were more popular phishing kits, Robin Banks has more sophisticated capabilities and a more user-friendly WebGUI.
IronNet’s research indicated that the criminal hackers constantly upgraded the new PhaaS platform by introducing new templates that seamlessly evolve to replicate the images of the targeted entities. Thus, these unique benefits have catapulted Robin Banks to the top of the list on dark web forums. So far, it has gained a lot of traction among cyber criminals during the past few months.
In a recently active campaign discovered by IronNet, a Robin Banks scammer sent SMS alert messages to Citibank customers about “strange usage” of their debit cards. With the accompanying alerts, the hackers prompted the targeted victims to click on a malicious link and enter private info in order to remove the purported security restrictions.
Next, the victim's browser is fingerprinted at the phishing site to determine whether a mobile or desktop version of the maliciously coded web page should be presented to the impending victim. At the end of the process, two unique tokens are sent to the Robin Banks API, where the criminal hackers steal the requisite information from unsuspecting victims.