Published: October 10, 2024 on our newsletter Security Fraud News & Alerts Newsletter.
A banking malware is making its way through the Americas, and North America could be next. The BBTok banking malware, first discovered in 2020, is back on the scene with significant upgrades. One of the advancements tricks users into supplying sensitive banking information through phishing links and bogus web pages. BBTok's victim list is rapidly growing, with the threat actors suspected of being from Brazil.
One BBTok upgrade is the use of fileless injection. This makes detecting the malware through antivirus and other traditional methods unlikely. As a result, fileless attacks are difficult to detect, and that makes them difficult to prevent.
Phishing is the main way the malware finds a place to thrive, capitalizing on BBTok's fileless attacks. Previously, BBTok relied on email attachments for infection; it has now expanded to also use phishing links. BBTok can even find potential victims by scanning their browser tabs for bank names.
One way BBTok operates so well is by duplicating the interface of over 40 Brazilian and Mexican banks. It includes fake login pages that trick customers into supplying their 2FA security codes and even sharing payment card information. From there, the next move for attackers is account takeovers, or ATOs. Once that happens, the victim is locked out of the account and all of the funds and information held there now belong to the attacker.
The best way to arm yourself against malware like BBTok is by using anti-phishing smarts.
Use a healthy dose of common sense before handing out sensitive information. An email or text from your bank or other sensitive accounts asking you to log in or provide confidential PII should always be suspect. Instead, type in the trusted web address yourself to find out if it's legitimate.
Never click on links or open attachments unless you can verify the sender is a trusted source. Links can take you to copycat websites that steal your data and attachments carry malware.
Delete a suspect email or text without opening it. If the message looks odd in any way, don’t open it. It's better to delete it than to get infected.
Look for any sense of urgency. Hackers like to push us into acting quickly before there’s time to verify whether the message is legitimate or not. There is always time to take a bit to determine if it is legit.
Keep all system software, including all apps, updated as soon as updates are available. Most updates include fixes for security bugs and provide the latest security patches.