Rewterz Threat Alert – Fake WordPress Plugin Embedded with Cryptocurrency Miner
October 21, 2019Rewterz Threat Alert – APT41 and LOWKEY launch financially motivated attacks
October 22, 2019Rewterz Threat Alert – Fake WordPress Plugin Embedded with Cryptocurrency Miner
October 21, 2019Rewterz Threat Alert – APT41 and LOWKEY launch financially motivated attacks
October 22, 2019Severity
Medium
Analysis Summary
A phishing campaign targeting users of the online payment service, Stripe, has been observed. Cofense reports the online payment facilitator has been used as the basis for the ruse. The email informs users that certain details of their Stripe account are invalid and need to be corrected to prevent immediate disabling of their account. The phish uses an obfuscated button directing users to click the link to login. The use of HTML’s tag reveals only a tag for the user to review their details when the button is hovered over. The button destination is an imitation login page for Stripe that actually contains three separate login pages. These pages are used to harvest credentials and eventually redirect victims back to the legitimate login site.
Impact
Credential theft
Indicators of Compromise
IP
198[.]46[.]81[.]153
URL
https[:]//hindreonds[.]com/
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.