Thursday 12 March 2020, Poradnik bezpieczeństwa

Customers of the PKO BP bank targeted in new phishing campaign

Lost24

Cybercriminals have targeted customers of PKO BP in their latest phishing campaign.


According to CERT, potential victims receive an email with confirmation of the transaction. The subject of the message is “Copy of payment” and the email originates from info@mantrabe.com. The message contains Polish characters.
The victim, surprised to receive an email with a transaction that was not made recently, will probably open the attachment included in the message. In fact, it’s a malicious script that installs GuLoader family malware, which then downloads the AgentTesla Trojan.


Trojan’s task is to steal the login credentials for the bank account of the customer and then to clear the account.