The V3B phishing kit is the latest malicious tool that cybercriminals spread, particularly on Telegram. Based on reports, V3B could target consumers from 54 major banking institutions in several European countries, including the Netherlands, Ireland, Finland, Austria, Germany, France, Luxembourg, Belgium, Greece, and Italy.
Depending on the package selected, the phishing kit costs between $130 and $450 for a monthly subscription and includes extensive obfuscation, localisation options, OTP/TAN/2FA support, live chat with victims, and various evasion features.
According to researchers who spotted V3B, its Telegram group already has over 1,250 users, showing that the new phishing-as-a-service (PhaaS) platform is gaining traction throughout the cybercriminal community.
The V3B phishing kit features various capabilities that make it an elusive threat.
Investigations reveal that the V3B phishing kit uses deeply obfuscated JavaScript code with a custom CMS that could avoid detection from anti-phishing solutions, search engine bots, and researchers.
In addition, it includes professionally translated pages in various languages, such as Finnish, French, Italian, Polish, and German, which improves the efficiency of phishing campaigns and allows threat actors to launch operations in multiple countries.
This tool is also compatible with mobile and desktop platforms, allowing it to intercept banking account credentials, information, and credit card numbers.
Furthermore, the admin panel (uPanel) enables fraudsters to connect with victims in real time using a chat system to acquire OTPs by delivering bait notifications. Subsequently, V3B will bring back this stolen information to its operators using the Telegram API.
Among the real-time interaction trigger choices is a QR code login jacking tool, which allows attackers to generate QR codes for phishing pages. The tool creates a false sense of legitimacy by exploiting the victim’s familiarity with trustworthy services.
Another critical aspect of the V3B kit is its compatibility with PhotoTAN and Smart-ID, which lets users bypass advanced authentication systems commonly used by German and Swiss banks.
These phishing kits have become integral to numerous cybercriminal activities in the past years. Their primary popularity is that they allow low-skilled threat actors to conduct simple but effective cyberattacks on unsuspecting bank clients.
European bank clients should be extra cautious with their bank accounts by being knowledgeable about phishing campaigns. Users can prevent these malicious events by refraining from engaging in unsolicited communications from financial institutions.