The current biggest threat to the UK banking industry has just added a new target.
A threat actor who goes by the alias “Kr3pto,” a credential phishing kit creator, has just added Bank of Scotland to their target list. Threat actor Kr3pto has created several puppeteer phishing kits which target several UK financial industries. These kits can bypass all second forms of authentication based upon their unique method of adapting the phishing site responses. The controlling threat actor can change the questions on the phishing site based upon the true login experience for the targeted user.
The addition of Bank of Scotland as new bank is highly notable. It shows that the kits are profitable for the controlling threat actors and there is growing interest in targeting UK users for their banking credentials.
The WMC Threat Intel Team has now seen Kr3pto kits targeting the following UK banks HSBC, Halifax, Barclays, TSB, Lloyds, NatWest, and now Bank of Scotland.
For more information on the Kr3pto threat actor please see our Deep Dive Blog
The WMC Threat Intel Team has seen an increase in cracked Kr3pto kits which enable other threat actors to rebrand the kits and further resell the kits. We are tracking a few unique threat actors who are deploying puppeteer kits using cracked versions of Kr3pto.
IoCs:
https[:]//bosnewpayee[.]com/Login.php
https[:]//bankofscotland.devices-auth[.]com/Login.php
https[:]//bankofscotland.co.uk-alert[.]com/Login.php