A malicious link in an SMS. One click and you lose money

PKO Bank Polski

A malicious application impersonates PKO BP and steals data. Experts warn: one click is enough to lose your savings.

The CSIRT KNF team warns of another cyber attack aimed at PKO Bank Polski's clients. Fraudsters impersonating the bank send fake SMS messages containing a link that leads to a malicious application. The purpose of the campaign is to fraudulently obtain data and steal funds from bank accounts.

Hacker attacks

PKO BP, as the largest bank in Poland, is a regular target of hacker attacks. This time, criminals use social engineering, encouraging recipients to click a link sent under a pretext such as activating a special account. Clicking starts the download of the NGATE application, dangerous malware built for Android, which can capture login details, personal data and even payment card data.

Once installed, the application resembles a real banking application and asks the user to provide a login, date of birth, card PIN and other confidential information. The following steps prompt the user to agree to the processing of personal data, insurance protection or linking the payment card to the account. The messages are worded to inspire trust while leaving out clear information, which may lead some people to click out of curiosity.

Second stage

Once launched, the malicious application begins the second stage of the attack: it prompts the user to hold the payment card against the back of the phone. In this way it intercepts data from the card, including its number, expiry date and PIN. This information is then sent to the criminal.

Using NFC relay technology, fraudsters can use the acquired data remotely, including to make contactless payments or withdraw cash from an ATM. In addition, with access to the login, password and PIN, they can transfer money from the victim's account to their own accounts.

CSIRT KNF urges users not to install applications from unknown sources and to use only official distribution channels, such as Google Play or the App Store. One careless move may result in a total loss of savings.
