Fake Login Pages To Steal Bank Data

Uploaded on 2023-12-01 in FREE TO VIEW, BUSINESS-Services-Financial

As retail banking services have been transformed by the Internet and Mobile technology, the apparent convenience of online transactions has come at a significant cost as cyber criminals have engaged in defrauding banks and their customers. Now, Australian bank users are being targeted in a new malware campaign. 

Unsuspecting victims are being deceived by highly convincing fake login pages on their banking apps, which appear to be authentic but are criminally motivated.

Customers of several major Australian banks are being deceived into downloading a malicious app in response to seemingly legitimate text and email messages from their bank. The messages contain links to a page that either tells you to download or to add some personal details. It is a new malware called Octo and it's the latest offering from cyber criminals which can be bought on the Dark Web.

Data obtained by the ABC television channel has uncovered what appears to be the first major distribution campaign of the malware which is capable of monitor telephone calls, collecting contacts, dodging antivirus software, bypassing multi-factor authentication and key-logging email and text messages. It can also do overlay attacks, which is what happens when hackers superimpose a fake login page over an authentic app, like the ones above, to trick you into giving up your credentials.

Many of Australia’s major Banks are caught up in this scam, including ANZ, Bank Australia, Bank of Melbourne., HSBC, WestPac and several others. Hundreds of Australians have reportedly become victims by downloading the malware onto their personal devices. 

The threat of cyber criminals using bogus login pages to steal banking information is pervasive. Banks and their online customers must be alert and resist complacency that their existing security measures are good enough to protect them and maintain their trust in online banking services. 

ABC:    McAfee:    NCSC:     TerraNova / Forta SecurityMalwarebytes:   Newsbreak

Image: Tumisu

You Might Also Read: 

HSBC Mobile Banking App Fails:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Global Effects Of The Internet On Society
Trouble At Three »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

DoD Cyber Crime Center (DC3)

DoD Cyber Crime Center (DC3)

DC3 is a US Department of Defense (DoD) center of excellence for Digital and Multimedia forensics.

PubNub

PubNub

PubNub enables developers to build secure realtime Mobile, Web, and IoT Apps.

Zertificon Solutions

Zertificon Solutions

Zertificon is a leader in professional email encryption and data security.

National Information Security & Safety Authority (NISSA) - Libya

National Information Security & Safety Authority (NISSA) - Libya

NISSA is responsible for safeguarding the integrity, availability and resilienceof ICT infrastructure, resources, services and data in Libya.

Sopra Steria

Sopra Steria

Sopra Steria is a leading European information technology consultancy.

CyberVista

CyberVista

CyberVista is a cybersecurity training education and workforce development company. Our mission is to eliminate the skills gap by creating job ready professionals.

Nuvias Group

Nuvias Group

Nuvias Group is a specialist value-addedd IT distribution company offering a service-led and solution-rich proposition ready for the new world of technology supply.

TunnelBear

TunnelBear

TunnelBear is a Virtual Private Network services provider offering secure encrypted access to the internet.

Cyber Security Centre - Daffodil International University

Cyber Security Centre - Daffodil International University

Cyber Security Centre, DIU is a non-profitable organization which is focused on applied research in cyber security.

Jenson Knight

Jenson Knight

Jenson Knight is a global cyber security, cloud and IT infrastructure staffing specialist.

Mosaic 451

Mosaic 451

Mosaic451 is a bespoke IT managed services provider and consultancy specializing in information security, operations and design.

International Cybersecurity Institute (ICSI)

International Cybersecurity Institute (ICSI)

ICSI is a UK company offering specialized and accredited professional qualifications in cybersecurity for young IT graduates as well as mature professionals.

GeoEdge

GeoEdge

GeoEdge is the premier provider of ad security and quality solutions for the online and mobile advertising ecosystem.

TPx Communications

TPx Communications

TPx is a leading managed services provider offering a full suite of managed IT, unified communications, network connectivity and security services.

Neya Systems

Neya Systems

Neya Systems, a leader in advanced off-road autonomy and high-level multi-robot mission planning, provides innovative solutions for uncrewed ground, aerial, and surface vehicles.

Norwegian Data Protection Authority (Datatilsynet)

Norwegian Data Protection Authority (Datatilsynet)

The Norwegian Data Protection Authority (Datatilsynet) is the national data protection authority for Norway.