A highly targeted phishing campaign is currently exploiting Pocket Card users through elaborately crafted emails that appear to originate from the legitimate financial service provider. The landing pages are nearly indistinguishable from the official Pocket Card authentication portal, featuring properly implemented SSL certificates to display the padlock icon that many users associate with security. This deobfuscation routine unpacks additional malicious code that performs the credential exfiltration through encrypted channels to command and control servers, making detection particularly challenging for security solutions. The malicious actors behind this attack employ convincing Pocket Card branding, accurate formatting, and contextually relevant messaging to trick recipients into interacting with seemingly benign attachments or embedded links. These messages prompt users to review suspicious activity or verify their credentials by clicking on embedded links that redirect to meticulously designed phishing pages. This sophisticated phishing campaign represents an evolving threat to financial service customers, combining social engineering with advanced technical evasion techniques. Broadcom researchers noted the campaign after observing a spike in credential harvesting attempts targeting financial services customers. Their analysis revealed that these attacks use a sophisticated multi-stage payload delivery system designed to bypass traditional email security filters.
INTERPOL led a multi-national law enforcement operation dubbed "Operation Red Card," which has resulted in the arrest of over 300 suspected cyber criminals. The attack vector primarily leverages emails purporting to be security alerts, transaction confirmations, or account verification notices. The infection process begins when victims click the malicious link, triggering a JavaScript-based redirect chain that ultimately loads the phishing page. The researchers noted that the campaign employs domain typosquatting, with URLs such as “pocket-card-secure.com” and “pocketcard-verification.net” to enhance legitimacy. The campaign, active since early March 2025, has already compromised an estimated 3,000 accounts, resulting in unauthorized transactions and credential theft. The extension functions as a formgrabber, harvesting additional authentication details across multiple financial websites.
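The typosquatting pattern described above (brand name with hyphens inserted, plus a security-sounding keyword) can be checked for in mail-gateway or proxy logs. The following Python is an added example, not code from the article or from the researchers it cites; the allowlisted domain pocketcard.example is a placeholder because the article does not name the official domain, and the keyword list and one-edit typo threshold are assumptions.

```python
import re
from urllib.parse import urlsplit

BRAND = "pocketcard"               # brand token as it appears in the reported lookalike domains
OFFICIAL = {"pocketcard.example"}  # placeholder: the article does not name the real domain
LURES = ("verification", "secure", "verify", "login", "account")  # assumed keyword list

def hostname(value):
    """Lowercased hostname from a URL or a bare host string."""
    value = value.strip().lower()
    if "://" not in value:
        value = "//" + value
    return (urlsplit(value).hostname or "").rstrip(".")

def edit_distance(a, b):
    """Levenshtein distance, to catch single-character typos of the brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_reasons(value):
    """Return the reasons a host looks like brand impersonation ([] if none)."""
    host = hostname(value)
    # Official domain and its subdomains pass; a brand label under another domain does not.
    if not host or any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return []
    reasons = set()
    for label in host.split("."):
        squashed = re.sub(r"[-_]", "", label)   # pocket-card-secure -> pocketcardsecure
        core = squashed
        for word in LURES:                      # strip lure words before the typo check
            core = core.replace(word, "")
        if BRAND in squashed:
            reasons.add("brand-token")
        elif core and edit_distance(core, BRAND) <= 1:
            reasons.add("brand-typo")
    if reasons and any(w in host.replace("-", "") for w in LURES):
        reasons.add("lure-keyword")
    return sorted(reasons)

# Constructed sample: the two domains quoted in the article plus made-up controls.
SAMPLES = ["https://pocket-card-secure.com/login", "pocketcard-verification.net",
           "www.pocketcard.example", "p0cketcard-login.test", "weather.test"]
for s in SAMPLES:
    print(f"{s:40} {lookalike_reasons(s)}")
```

A hit is a triage signal rather than a verdict: the official domain list has to be filled in before use, and matches are best combined with domain age and certificate issuance data.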
This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 24 Mar 2025 15:05:04 +0000