D3Lab’s Threat Intelligence Team in its daily activities of analyzing and countering online fraud has detected a phishing campaign sent via SMS to the Italian company Nexi customers (specialises in payment systems) that invited the user to install a malicious application via the official Google Play Store.
Users initially received a text message (smishing) prompting them to check their own Nexi profile to prevent a disabling of the account. If the user clicked on the phishing link, he would see a fake Nexi web page requesting him:
- Email associated with Nexi account;
- Codice Fiscale (Italian fiscal code);
- Credit Card Number, CVV and Expiration Date.
After completing the data entry the victim would saw a pop-up inviting him to download a new security application. The phishing website contained links to the Google Play Store, Huawei App Gallery, and Apple Store. But only the link to the Google Play Store was valid.Continua a leggere