top of page
  • Admin

Robin Banks, A New Phishing-As-A-Service Malware, Hits 4 Major Banks in U.S.

Published: September 03, 2022 on our newsletter Security Fraud News & Alerts Newsletter.

Always looking for new and lucrative ways to fleece unsuspecting users, a new and ready-to-rent phishing malware called Robin Banks is making the rounds. And it’s leaving financial institutions and their customers feeling…well, fleeced. If not for a new malware rental opportunity known as PaaS (phishing-as-a-service), where anyone can rent phishing malware like Robin Banks, these attacks may have never happened. PaaS is the latest addition to the pay-to-use malware family called MaaS (malware-as-a-service).

This PaaS is currently known for widespread attacks against four U.S. banks and their customers through email phishing attacks. The banks targeted by Robin Banks are Capitol One, Citibank, Wells Fargo, and Bank of America. The victimized financial institutions are in the U.S., Canada, UK, and Australia.

PaaS, a New Member of MaaS

Understanding PaaS takes a quick look at the now-booming business of MaaS (malware-as-a-service) of which PaaS is now a member. You can think of MaaS as the criminal, evil twin of SaaS (software-as-a-service), a legitimate business offering app rentals like Slack and Dropbox.

InfoSecurity Magazine finds “MaaS offers access to botnets that distribute malware…usually includes a personal account where non-technical cyber-criminals can control the attack and get technical support.” Experts also find international crime syndicates and nation-state actors are also turning to MaaS for big paydays.

As the malware made specifically for email phishing attacks, IronNet cybersecurity describes Robin Banks as a “…ready-made phishing kit aiming to gain access to the financial information of individuals residing in the US, as well as the UK, Canada, and Australia.” As a PaaS, Robin Banks is sticking to the script and getting rave reviews from fans of cybercrimes.

Robin Banks and Just One Click

There’s a grab bag of manipulation tactics used to trick targets into opening malware-laced phishing emails. Convincing a bank employee they need to click a link in the email text or open an attached file is how phishing malware like Robin Banks infects a device and its data systems. Just one wrong click can create chaos for the targeted financial institutions and their customers.

Robin Banks malware does the same damage as other email phishing malware. The simple difference being that Robin Banks is a rented, ready-to-use phishing malware. Email phishing is infamous for devastating individual victims and institutions alike. Just some of these feats are hijacking money; wire fraud; identity theft; additional malware downloads; reputational damage; productivity loss, stolen login details, and other turmoil.

Preventing Robin Banks requires users to keep their email phishing red flags set on high alert. “Don’t trust and verify” goes a long way preventing attacks from succeeding. Don’t click on links you cannot verify as legitimate and if you need to check on your financial accounts, or some email or text says something was changed, go directly into your account and verify the information using a trusted link or apps. If you feel rushed, that’s a great reason to slow down.

Keep up to date: Sign up for our Fraud alerts and Updates newsletter

Want to schedule a conversation? Please email us at

1 view0 comments
bottom of page