Hackers Break IT Website to Steal E-mail Passwords via Copy for Payment Scam

Users are targeted once again by scammers, who launched a new spam campaign to steal their e-mail passwords. This time, cyber-crime groups broke into a legitimate software solutions website to spread phishing and adware. The same domain is also hosting Trojans for further attacks.

“Our continuing effort to discover and increase knowledge & understanding through disciplined research enables us to deliver quality products,” the India-based software solutions company advertised on its website. That wasn’t a huge deterrent for scammers, who managed to hack the web page, embed malware and dump a phishing folder in the script. After preparing the baits, cyber-criminals started to spread the phishing-related URLs in a spam campaign.

“Please Confirm Attached Payment Copy To Your Account,” the e-mail reads. “Dear Sir, please find TT copy for payment to your Account. Please Confirm receipt.”

The compromised domain also contains two encrypted JavaScript scripts injected into the WordPress page. Detected by Bitdefender antivirus as Trojan.Iframe.RW and Trojan.JS.QJD, both inject iframes into the website and redirect users to adware.

Though the sender appears to be UK financial group HSBC, a choice aimed especially at British users, the spam is sent worldwide and the phishing page even uses US dollars as its currency.

The bogus OnlineTTcopy attachment redirects to a phishing website that uses the images and login script of [REMOVED] to verify how many users have been duped into giving away their e-mail credentials. JavaScript Trojans are mainly embedded in legitimate but poorly crafted websites. Trojan.Iframe may be injected into a legitimate web page to download further malware and to be used for future cyber-attacks.
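For site owners, the injected scripts and iframes described above can be looked for in a page's own HTML. The following is an added example, not code from Bitdefender or from the article: the heuristics, the names `InjectionAudit` and `audit`, and the hosts `example.test` and `ads.invalid` are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Heuristics assumed for this example; they are not Bitdefender's signatures.
DECODERS = re.compile(r"\b(eval|unescape|atob|document\.write)\s*\(|(String\.fromCharCode)", re.I)
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

class InjectionAudit(HTMLParser):
    """Collect hidden off-site iframes and decode-and-write inline scripts."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host, self.findings, self._script = site_host.lower(), [], None

    def _offsite(self, url):
        host = (urlparse(url).hostname or "").lower()
        return bool(host) and host != self.site_host and not host.endswith("." + self.site_host)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "iframe":
            tiny = any(a.get(d, "").strip() in ("0", "1") for d in ("width", "height"))
            if (tiny or HIDDEN.search(a.get("style", ""))) and self._offsite(a.get("src", "")):
                self.findings.append(("hidden-offsite-iframe", a["src"]))
        elif tag == "script" and "src" not in a:
            self._script = []          # start buffering an inline script body

    def handle_data(self, data):
        if self._script is not None:
            self._script.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._script is not None:
            body, self._script = "".join(self._script), None
            hits = sorted({(m.group(1) or m.group(2)).lower() for m in DECODERS.finditer(body)})
            if len(hits) >= 2:         # two or more decode/write primitives: review by hand
                self.findings.append(("obfuscated-inline-script", ",".join(hits)))

def audit(html, site_host):
    parser = InjectionAudit(site_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; example.test and ads.invalid are placeholder hosts.
SAMPLE = """<h1>Products</h1>
<iframe src="/newsletter.html" width="0" height="0"></iframe>
<iframe src="http://ads.invalid/r.php" width="1" height="1"></iframe>
<script>var s="%3C%69";document.write(unescape(s));</script>
<script>console.log("menu ready");</script>"""
```

Calling `audit(SAMPLE, "example.test")` reports the 1x1 off-site iframe and the inline script that combines `unescape` with `document.write`; the same-site hidden iframe and the plain script are left alone. A finding is a prompt for manual review of the template or plugin that emitted it, not proof of compromise.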

This article is based on the technical information provided courtesy of Doina COSOVAN, Bitdefender Virus Analyst.




About the author


Bianca Stanescu, the fiercest warrior princess in the Bitdefender news palace, is a down-to-earth journalist, who's always on to a cybertrendy story. She's the industry news guru, who'll always keep a close eye on the AV movers and shakers and report their deeds from a fresh new perspective. Proud mother of one, she covers parental control topics, with a view to valiantly cutting a safe path for children through the Internet thicket. She likes to let words and facts speak for themselves.

1 Comment

  • Oh my, oh my…. This sounds really scary, especially when we are less careful clicking on something around the web. I never thought that our email PW and credit card information could be stolen this easily. Thanks for sharing this post. Not only is it jam-packed with valuable information, but it also serves as a warning for internet users like me.