Cybercriminals attack banking customers in EU with V3B phishing kit – PhotoTAN and SmartID supported.

Pierluigi Paganini June 04, 2024

Resecurity uncovered a cybercriminal group that is providing a sophisticated phishing kit, named V3B, to target banking customers in the EU.

Resecurity has a new cybercriminal group providing Phishing-as-a-Service (PhaaS) platform that is equipping fraudsters with sophisticated kit (known as “V3B”) to target banking customers in the EU.

“Currently, it is estimated that hundreds of cybercriminals are using this kit to commit fraud, leaving victims with empty bank accounts. Their Telegram channel has over 1,255 members, a significant indicator of the scale and scope of the malicious activity being promoted by the group.” reads the published Resecurity. “The majority of members on this Telegram channel are skilled cybercriminals who specialize in various forms of fraud. These include:

  • Social engineering tactics
  • SIM swapping schemes
  • Banking and credit card fraud”

The attackers use various social engineering and spoofing tactics to trick victims into revealing their sensitive information, which supports real-time interaction to abuse and bypass MFA (Multi-Factor Authentication).

The kit is designed to intercept sensitive information, including banking credentials, credit card and personal information, and OTP/TAN codes. Besides traditional tokens (such as SMS code), the kit supports QR Codes and PhotoTAN method (widely used in Germany and Switzerland), which may indicate that fraudsters are monitoring the latest MFA/2FA technologies implemented by banks and seeking to exploit possible bypass methods to defraud their customers.

V3B phishing kit supports over 54 financial institutions (based in Austria, Belgium, France, Finland, Greece, Germany, Italy, Netherlands, Norway, Poland, Spain), featuring customized and localized templates to mimic authentication and verification processes of major online banking, e-commerce, cryptocurrency providers and payment systems in the EU.

Technical details about the phishing kit are included in the report published by Resecurity:

Follow me on Twitter:  and  and Mastodon

(SecurityAffairs – hacking, V3B)



you might also like

leave a comment