In November 2017 Nokia’s Threat Intelligence Lab investigated a new Banking Trojan that was observed in a number of our NES product deployments. The malware attempts to spread from one device to another by sending SMS text messages to all the owner’s contacts. This is not unusual as phishing attacks use this technique to propagate quite often. This message, however, was a well-crafted message targeting the carrier’s customers, using the mobile carrier’s corporate links and logos to impersonate their corporate image. A simple yet effective approach to deceive a subscriber (receiving these text messages) into following the link and downloading the malicious application.