SpyEye banking Trojan uses SMS hijacking feature


SpyEye has been observed trying to trick users into reassigning their cellphone numbers to receive one-time passwords (OTP) from their banks by SMS. The social engineering scam (assuming SpyEye has already infected the target PC) is found on fraudulent pages injected into a users online banking session that falsely claim they have been assigned a OTP.

The fraudsters can then receive all future SMS verification codes for the hijacked bank account via the mobile network. A fraudster can then use the OTP to redirect/transfer funds from a customers bank account.

Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023