@BushidoToken Threat Intel

  There is no doubt that mobile banking has taken the world by storm. Another growth industry is digital-only banks, especially in the UK. As of January 2022, over a quarter (27%) of British adults have opened an account with a digital-only bank, equating to 14 million people. This has created a new pool of targets for phishing threat actors to create new campaigns for fraud. This blog will explore a recent and ongoing campaign targeting mobile users and digital-only banks.  Monzo is a popular digital-only bank in the UK. For years, users are able to open an account without having to visit a branch just by walking through the steps in the mobile application. One of the key parts to creating a Monzo account is verifying your device. Monzo will send you a "golden link" which you use to login to for the first time (see Fig. 1). This is what the phishing threat actors are after. Fig. 1 - Example "golden link" sent via Monzo to login to bank accounts Fig. 2 - Example SM...

  Android banking Trojans are an interesting threat because if successful, it can be a huge payday for a cybercriminal and a terrible loss for the victim. The latest wave of Android banking threats have a range of advanced features, all designed to clear out a victim's bank account.  The majority of these threats are distributed via malicious SMS text messages, the Google Play Store, Social Media, or watering hole sites. These types of threats also largely require the users to be unaware of the danger of granting unsafe permissions to apps, such as Android Accessibility Services - one of the main functions that Android malware heavily relies on to perform financially motivated attacks. The Android Banking Trojan Nexus (see above) is supposed to help fraud teams and security researchers identify and track Android banking Trojans designed to steal funds from their customers' accounts. Tracking the latest and greatest Android threats is a valuable venture. From my experience of ...