Security News > 2021 > May > FBI spots spear-phishing posing as Truist Bank bank to deliver malware
Threat actors impersonated Truist, the sixth-largest US bank holding company, in a spear-phishing campaign attempting to infect recipients with what looks like remote access trojan malware.
In one of the attacks targeting a renewable energy company in February 2021, the phishing emails instructed the target to download a malicious Windows app mimicking the legitimate Truist Financial SecureBank App and supposedly needed to complete the process behind a $62 million loan.
"The phishing e-mail appeared to originate from a United Kingdom-based financial institution, stating the US financial institution's loan to the victim was confirmed and could be accessed through an application which appeared to represent the US financial institution."
To increase their attacks' success rate, the attackers used malware currently undetected by anti-malware engines on VirusTotal.
As further detailed on the VirusTotal page for the malware sample shared by the FBI, the attackers can use the malware to log keystrokes and take screenshots of the victims' screens.
Last month, world-leading employment agency Michael Page was impersonated in a similar phishing campaign attempting to infect recipients with Ursnif data-stealing malware capable of harvesting credentials and sensitive data from infected computers.
News URL
Related news
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies (source)
- Android malware "FakeCall" now reroutes bank calls to attackers (source)
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations (source)
- Volt Typhoon rebuilds malware botnet following FBI disruption (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)