Phishing emails targeting customers of HSBC bank and other financial institutions have been detected.
  • The email messages differ but they all include a file attachment. 
  • When the attachment is opened a web address link appears which directs recipients to a .zip archive. 
  • If this link is clicked, malware downloads onto the victim’s computer.
The malware is a Trojan designed to steal banking credentials which are then used to make fraudulent purchases using the victim’s banking details. The malware is flexible in that it offers fraudsters a wide range of remote access, evasion and data stealing options.
This particular malware, known officially as a Remote Access Trojan (RAT), is being offered for sale on the dark web on a subscription basis of approximately £40 a month or US$50 a month.
The sellers are promoting its many features in order to attract buyers:
  • Mail credential viewer – this decrypts the credential data on your system, chiefly passwords of mail accounts stored by Microsoft Outlook, and sends them back to the hackers. 
  • Browser credential viewer – this allows a hacker to view passwords that are stored in a user’s browser. 
  • Key stroke logger – this covertly records the keys struck on a keyboard so that a person using the keyboard is unaware that their actions are being monitored.
Taken together, the trio of hacking tools provides a powerful means to enable stealthy operations designed to secretly extract sensitive data from a victim’s computer.
From the perspective of potential victims the trick is to be alert for phishing emails.
  • Keep an eye out for emails asking you to confirm personal information that you would never usually provide, such as banking details or login credentials. 
  • A phishing email will appear to come from an address that appears to be genuine. If you examine the email address you may find that it’s bogus although intended to appear as legitimate. 
  • Emails from legitimate companies will have been put together by professional writers. If you have received an unexpected email from a company, and it is riddled with mistakes, more than likely it’s a phishing mail. 
  • Alarm bells should ring if you receive an email from a company unexpectedly that contains an attachment and the message urges you to download the attachment. 
  • It is common for phishing emails to instill a sense of panic in the recipient. They may claim that your account has been compromised and that the only way to verify it is to enter your login details. If you’re unsure, contact the company directly but not via the email you received.
Links in emails, social media posts and online advertising are very common methods used by cybercriminals to try and steal your personal information. If something looks suspicious, don’t hesitate: delete it immediately.
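For mail administrators, the warning signs listed above can be checked automatically. The following is an added example, not part of the original advisory: a Python triage function that flags a sender whose address only imitates the bank's domain, the presence of an attachment, a link to a .zip archive in the body or in a text/HTML attachment, and panic-inducing wording. The brand-to-domain map, the word list and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: a defender-maintained map of brand name -> domains it really sends from.
BRAND_DOMAINS = {"hsbc": {"hsbc.com", "hsbc.co.uk"}}
# Assumption: a small illustrative word list for panic-inducing wording.
URGENCY = re.compile(r"\b(compromised|verify|suspended|urgent|immediately)\b", re.I)
ZIP_URL = re.compile(r"https?://[^\s\"'<>]+\.zip\b", re.I)

def triage(raw):
    """Return the set of warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = set()
    name, addr = parseaddr(str(msg["From"]))
    domain = addr.rpartition("@")[2].lower()
    for brand, real in BRAND_DOMAINS.items():
        claims_brand = brand in name.lower() or brand in domain
        genuine = any(domain == d or domain.endswith("." + d) for d in real)
        if claims_brand and not genuine:
            findings.add("sender-mismatch")
    text = str(msg["Subject"] or "")
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename():
            findings.add("attachment")
        if part.get_content_maintype() == "text":
            text += "\n" + part.get_content()  # body and text/HTML attachments
    if ZIP_URL.search(text):
        findings.add("zip-link")
    if URGENCY.search(text):
        findings.add("urgency")
    return findings

def constructed_sample():
    """Constructed message shaped like the campaign described above."""
    m = EmailMessage()
    m["From"] = "HSBC Security <alerts@hsbc-secure.example>"
    m["To"] = "customer@example.org"
    m["Subject"] = "Your account may have been compromised"
    m.set_content("Please open the attached notice immediately.")
    m.add_attachment("<a href='http://files.example/notice.zip'>View notice</a>",
                     subtype="html", filename="notice.html")
    return m.as_string()

if __name__ == "__main__":
    print(sorted(triage(constructed_sample())))
```

The sender check only catches lookalike domains; a message that forges the bank's exact domain in the From header would pass it and needs SPF, DKIM and DMARC results to detect.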