SecurityHome.eu PWS:HTML/Phish.JX

Home / malware PDF

PWS:HTML/Phish.JX

First posted on 23 January 2015.
Source: Microsoft
Aliases :
There are no other names known for PWS:HTML/Phish.JX.
Explanation :
Threat behavior

Installation

This threat is a spam email file that redirects to a login website that imitates a Google login webpage to steal your account information.

The spam email asks you to click a link to view a document that has been shared on Google Drive. It can look like the following:

Payload

If you click the link in the spam email it redirects you to a fake Google login page. The page can look like the following:

We have seen personal details entered on this page sent to the following server:

google-drive-com.lebanese-emigrants.net/

Analysis by Mihai Calota

Symptoms

The following can indicate that you have this threat on your PC:

You have received and opened an email similar to the following:

Last update 23 January 2015

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Family:

PWS:HTML/Phish.GK
PWS:HTML/Phish.FL
PWS:HTML/Phish.JX