PWS:HTML/Phish.GK
First posted on 18 November 2015.
Source: Microsoft
Aliases:
There are no other names known for PWS:HTML/Phish.GK.
Explanation:
Threat behavior
Installation
This threat imitates a legitimate bank login form to steal your account credentials.
It can look like the following:
Payload
Once the credentials have been entered and submitted, the information is sent to the malicious hacker's server.
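A defender can triage a saved copy of such a page by checking where its password form submits. The sketch below is an added example, not Microsoft's detection logic; the domain `bank.example`, the host `login.invalid`, the sample markup and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

LEGIT_DOMAIN = "bank.example"  # assumption: placeholder for the bank's real domain
# Constructed sample: a look-alike login page hosted on an unrelated server.
SAMPLE_PHISH_URL = "https://login.invalid/secure.bank.example/web/index.html"
SAMPLE_PHISH_HTML = ('<form method="post" action="submit.php"><input name="user">'
                     '<input type="password" name="pin"></form>')

class _FormCollector(HTMLParser):
    """Record each form's action and whether it contains a password field."""
    def __init__(self):
        super().__init__()
        self.forms, self._current = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "has_password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "").lower() == "password":
                self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def _is_legit_host(host):
    host = (host or "").lower().rstrip(".")
    return host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN)

def suspicious_forms(html, page_url):
    """Return (submit_url, reasons) for password forms that post off the bank's domain."""
    collector = _FormCollector()
    collector.feed(html)
    findings = []
    for form in collector.forms:
        if not form["has_password"]:
            continue  # only credential-collecting forms matter here
        target = urlsplit(urljoin(page_url, form["action"]))  # resolve relative actions
        if _is_legit_host(target.hostname):
            continue
        reasons = ["credentials posted to non-bank host " + str(target.hostname)]
        if LEGIT_DOMAIN in target.path.lower():
            reasons.append("bank hostname embedded in URL path")
        findings.append((target.geturl(), reasons))
    return findings
```

Matching on the resolved submit host rather than on page text avoids being fooled by a bank name that appears only in the visible markup or in the URL path.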
We have seen personal details entered on this page sent to the following servers:
Analysis by Ric Robielos
Symptoms
The following can indicate that you have this threat on your PC:
- The display of the following page, or ones similar, that ask you to fill out your online banking details:
Last update 18 November 2015