Threat actors often deceive victims by using skillfully crafted bank login pages that appear to come from a trusted and known party. These pages are so convincing that they can trick an unsuspecting victim into revealing sensitive information.
ABC Australia also shared a series of notable bank login pages mimicked by these threat actors, along with quiz questions on how users can identify these pages. We at FixitGearWare Security have answered these questions and will guide you on how to spot them.
HOW ARE USERS TRICKED?
Threat actors often trick users, via phishing links, into entering sensitive information on what appears to be their bank's login page. Unbeknownst to the users, this sensitive information is actually sent to the threat actor’s Command-and-Control (C2) server. Researchers attribute the acts to malware known as Octo, which is currently for sale on the dark web and has been found in the wild.
The threat group that created the Octo malware is said to identify itself as “Goodluck”.
Octo malware is known for its sophisticated capabilities, which include:
- Recording calls from the victim’s device.
- Harvesting sensitive information, including user contacts.
- Evading anti-malware and anti-virus detection.
- Bypassing multi-factor authentication.
- Logging keystrokes and exfiltrating user text messages.
ABC Australia also disclosed a list of banks that this malware and the scammers have successfully cloned. Reports indicate that this vicious malware victimized a handful of Australians within days of its emergence. The threat actor focuses on Australian citizens, considering them easy targets for its malicious activities.
DEVICES THAT ARE MAJOR TARGETS:
The devices mainly targeted by the Octo malware include brands such as Google, HTC, and Samsung Mobile. The malware can also disguise itself as a legitimate app on the Play Store, so users do not consider it malicious because of where it came from.
With the growing spread of the Octo malware, it’s no surprise that threat actors are able to expand their operations by offering it as Malware-as-a-Service (MaaS).
EXPERT AND RESEARCHER OPINIONS:
A few researchers from notable organizations gave their opinions on the Octo malware.
Dario Durando, a Senior Threat Analyst and representative from ThreatFabric, a Netherlands-based banking security platform, found the malware masquerading as a Google Chrome browser software update. The backend statistics of the website showed that users in Australia downloaded the malicious software over 533 times, users in Spain downloaded it 362 times, and users in the United States of America downloaded it 64 times. However, they have since taken the counter offline.
Dario said:
“All of these people collaborate just as normal businesses would do. So they have subscription schemes, they have discounts, they have support channels, it’s very, very concerning,”
“Nowadays, with the predominance of mobile, criminals are deciding, well, it is the time to actually invest research and create more mobile malware because that’s where the money’s at.”
Edward Driehuis, the Vice President of fraud engineering at ThreatFabric, also added his observations, noting that the threat group spoke Russian and had clear connections to the Russian cybercrime underworld.
Speaking to ABC Australia, Driehuis stated:
“They are after your hard-earned cash,” he said, adding that it is quite difficult to differentiate them from politically motivated groups which are run by foreign nations.
“There’s definitely more than average attention to Australia.”
“I think you can never rely on awareness to be your first and last line of defence, that would not be fair to shift responsibility to your customers.”
In 2022, Australia experienced a significant surge in scams, with losses exceeding $3.1 billion, an increase of over 80% compared to 2021, according to statistics from the Australian Competition and Consumer Commission. Astonishingly, phishing techniques, which trick users into revealing sensitive information such as Personally Identifiable Information (PII), accounted for over $24.6 million in losses, marking a staggering 469% increase from the previous year.
CONSUMER ACTION LAW CENTRE:
Stephanie Tonkin of the Consumer Action Law Centre has voiced strong criticism of Australian banks for their inadequate protection of customers against these increasingly sophisticated scams. She views Australia as a “soft target” due to the absence of robust laws and systems to combat scams. Tonkin urges the banking sector to shoulder more responsibility, given that these scams are taking place on their platforms. She proposes that the Australian government enact laws that hold banks accountable for reimbursing scam victims, thereby encouraging banks to enhance their scam prevention and detection systems.
In an interview with ABC Australia, Stephanie stated, “The AFP are innovating and exploring further opportunities to disrupt cybercriminals, particularly through our joint operations with Australian Signals Directorate. We are coordinating national joint task forces against business email compromise, ransomware, remote access scams, and identity fraud.” An Australian Federal Police spokeswoman acknowledged the escalating cybercrime threats and highlighted ongoing efforts to disrupt cybercriminals through joint operations.
SECURITY TIPS FROM EXPERTS:
Security experts have also shared some valuable tips via ABC Australia to help users protect themselves from malicious actors. These include:
- Always be vigilant about individuals who have access to your private information. This information could potentially have come from data leaks.
- If you receive a call from an unfamiliar number, it’s advisable to hang up and call back using the official contact details.
- Be skeptical of any messages you receive, even if they appear to be from people you know. They might not be who they claim to be.
- Always remember to protect your personal details from potential scams.
- As an Android user, you should download apps exclusively from the Google Play store.
- Be particularly wary of apps that request accessibility services.
- Regularly check your phone’s Settings and Accessibility page for any apps that seem suspicious.
- Keep in mind that if your device is compromised, you might be unable to access certain settings.
- If you suspect that your phone has been infected, it might be necessary to perform a full factory reset.
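The accessibility and app-source checks in the tips above can also be run from a computer. The following is an added example, not part of the original article or the ABC report: it parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i`, and the sample outputs and `com.example.*` package names in it are constructed.

```python
import re

PLAY_INSTALLER = "com.android.vending"  # package name of the Google Play Store

# Constructed sample outputs (not from a real device); com.example.* names are made up.
SAMPLE_SERVICES = ("com.google.android.marvin.talkback/"
                   "com.google.android.marvin.talkback.TalkBackService:"
                   "com.example.browserupdate/.UpdateService")
SAMPLE_INSTALLERS = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.browserupdate  installer=null
package:com.example.notes  installer=com.android.vending
"""

def parse_enabled_services(raw):
    """Split the colon-separated package/class list into (package, class) pairs."""
    raw = raw.strip()
    if not raw or raw == "null":        # "null" means no service is enabled
        return []
    services = []
    for entry in filter(None, raw.split(":")):
        package, _, cls = entry.partition("/")
        if cls.startswith("."):         # short form: ".Svc" is relative to the package
            cls = package + cls
        services.append((package, cls))
    return services

def parse_installers(raw):
    """Map each package to its installer package, or None if none is recorded."""
    installers = {}
    for line in raw.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers

def audit(services_raw, installers_raw):
    """List every enabled accessibility service, non-Play installs first."""
    installers = parse_installers(installers_raw)
    rows = []
    for package, cls in parse_enabled_services(services_raw):
        installer = installers.get(package)
        priority = "normal" if installer == PLAY_INSTALLER else "high"
        rows.append({"package": package, "service": cls,
                     "installer": installer, "priority": priority})
    # A Play install is not proof of safety, so "normal" rows are still reviewed.
    return sorted(rows, key=lambda r: r["priority"] != "high")

if __name__ == "__main__":
    for row in audit(SAMPLE_SERVICES, SAMPLE_INSTALLERS):
        print(row)
```

Preinstalled system apps can also report no installer, so a "high" row is a prompt to look at the app, not a verdict.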
FixitGearWare Security urges you, our readers, to stay safe and vigilant! 🛡️