Dutch authorities arrested two people who allegedly belong to a Dutch cybercrime gang known as "Fraud Family" and who are said to have been involved in developing, selling and renting out advanced phishing frameworks to other malicious actors as part of its Fraud-as-a-Service business.
The two suspects, a 24-year-old software engineer and a 15-year-old boy, are said to have been the main developers and sellers of the phishing frameworks, which were used to collect bank customers' login data. The victims of the attacks were mainly in the Netherlands and Belgium.
Roberto Martinez, senior threat intelligence analyst at Group-IB Europe, stated in a report: "Phishing frameworks allow cybercriminals with minimal skills to optimize the creation and design of phishing campaigns to carry out massive malicious operations while bypassing 2FA." He added that the gang advertises its services and interacts with other cybercriminals on the Telegram messenger.
The attacks begin by email, SMS or WhatsApp, with messages that abuse local brands and contain malicious links which, when clicked, redirect to phishing websites that steal payment information. In an alternative attack scenario, scammers posed as buyers on a Dutch advertising platform to contact a seller and then diverted the conversation to WhatsApp in order to trick the seller into visiting a phishing website.
Group-IB researchers pointed out that the phishing sites, which show a "high level of personalization", not only counterfeit a legitimate Dutch marketplace but also claim to use a well-known e-commerce payment system in the country, only to lead the victim to a fake bank website from which customer credentials are stolen.
Specifically, the researchers reported the following: "When victims submit their bank credentials, the phishing website sends them to a fraudulent web panel. Thus, malicious agents are informed that a new victim is connected to the Internet. Scammers can then request additional information to help them access bank accounts, including two-factor identity tokens and personally identifiable information."
According to messages posted by the gang on Telegram, the web panels can be rented for €200 per month (Express Panel) or for €250 if other cybercriminals choose the Reliable Panel (or Reliable Admin). At least eight Telegram channels managed by the Fraud Family have been identified to date, with the channels having 2,000 subscribers.
Finally, the researchers stressed the following: "The attacks behind the Fraud Family infrastructure have increased in the last months of 2020. This trend continues in 2021, with the advent of the Express Panel and the Reliable Panel."
Source of information: thehackernews.com