Banking malware targeting business customers of New Zealand banks

Capture

CertNZ have released a new advisory.

A phishing campaign containing malware is targeting business banking customers of some New Zealand banks.

The phishing emails are branded to look like invoice notifications from accounting software systems. Once a user clicks on the attachments or links in the email, malware is downloaded onto the user’s machine.

The phishing emails may have been sent up to three months ago.

What's happening?

The phishing emails appear to be invoice notifications. They use accounting software brands and have links to download an invoice.

The malware infects the browser and adds malicious plugins. These plugins are used to steal login credentials, as well as two-factor authentication codes. Attackers are using these stolen credentials to access the bank account and transfer money to overseas accounts.

The security of the accounting software and the banks is not affected by this campaign.

For more information please visit the CertNZ site