Security News > 2021 > May > FBI spots spear-phishing posing as Truist Bank bank to deliver malware
Threat actors impersonated Truist, the sixth-largest US bank holding company, in a spear-phishing campaign attempting to infect recipients with what looks like remote access trojan malware.
In one of the attacks targeting a renewable energy company in February 2021, the phishing emails instructed the target to download a malicious Windows app mimicking the legitimate Truist Financial SecureBank App and supposedly needed to complete the process behind a $62 million loan.
"The phishing e-mail appeared to originate from a United Kingdom-based financial institution, stating the US financial institution's loan to the victim was confirmed and could be accessed through an application which appeared to represent the US financial institution."
To increase their attacks' success rate, the attackers used malware currently undetected by anti-malware engines on VirusTotal.
As further detailed on the VirusTotal page for the malware sample shared by the FBI, the attackers can use the malware to log keystrokes and take screenshots of the victims' screens.
Last month, world-leading employment agency Michael Page was impersonated in a similar phishing campaign attempting to infect recipients with Ursnif data-stealing malware capable of harvesting credentials and sensitive data from infected computers.
News URL
Related news
- Google raps Iran's APT42 for raining down spear-phishing attacks (source)
- Blind Eagle Hackers Exploit Spear-Phishing to Deploy RATs in Latin America (source)
- Chinese national accused by Feds of spear-phishing for NASA, military source code (source)
- New Brazilian-Linked SambaSpy Malware Targets Italian Users via Phishing Emails (source)