Users are targeted once again by scammers, who launched a new spam campaign to steal their e-mail passwords. This time, cyber-crime groups broke into a legitimate software solutions website to spread phishing and adware. The same domain is also hosting Trojans for further attacks.
“Our continuing effort to discover and increase knowledge & understanding through disciplined research enables us to deliver quality products,” the Indian-based software solutions company advertised on its website. That wasn’t a huge deterrent for scammers, who managed to hack the web page, embed malware and dump a phishing folder in the script. After preparing the baits, cyber-criminals started to spread the phishing-related URLs in a spam campaign.
The compromised domain also contains two encrypted Java Scripts injected in the WordPress page. Detected by Bitdefender antivirus with Trojan.Iframe.RW and Trojan.JS.QJD, both inject iFrames into the website and redirect users to adware.
Though the sender looks as coming from UK financial group HSBC to target especially the British, the spam is sent worldwide and even uses US dollars as online currency for the phishing page.
This article is based on the technical information provided courtesy of Doina COSOVAN, Bitdefender Virus Analyst.
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.