Raiffeisen Bank malware is phishing for your login credentials


You'd better stay on your toes when logging in to your account if you happen to be a client of Raiffeisen Bank – someone might be out to snatch your credentials.

Malware researcher Lukas Stefanko has stumbled upon a new phishing campaign targeting Raiffeisen Bank customers. While new, the attack is based on the infamous Android banking Trojan, MazarBot, which has previously been distributed via SMS, email spam and numerous fake pages.

The campaign seeks to trick people into entering their login credentials on a bogus page, which looks absolutely identical to the original Raiffeisen site.

This is what the scam page looks like compared with the real thing

Once a user has entered their login details, the information is automatically sent to the attacker. But this is not where the attack ends.

Victims are then redirected to another webpage where they’re prompted to download and install another malicious app, disguised as a dedicated Raiffeisen Bank Security app. The page also features extensive step-by-step instructions on how to complete the installation. There’s even a QR code for an easy download.


As the researcher explains, the core function of the app is to lure users into providing even more credentials.

For those interested, Stefanko has uploaded footage showing how the malware works in action.

Stefanko notes that, since the attackers used a URL shortener to redirect to the download page, he was able to see how many times the link was accessed. Fortunately, the malicious software was downloaded by fewer than 40 people in total – most of whom were based in Austria.

This isn’t the first time Raiffeisen Bank clients have been targeted in malicious attacks. Back in March, the bank told Reuters several of its Polish branches fell victim to the Lazarus malware. The attack was quickly identified and resolved.
