Security Alert: Malware mimics authorization form on popular sites

We have come across a new piece of malware that targets infected users' information on established banking and shopping sites. This nasty virus is brand new; we are actively working with several security vendors to identify how it originates and how to eradicate it. Although not all information is readily available at the moment, we wanted to notify you immediately.

What we know now:
Once infected, the malware waits until the user visits an established shopping (e.g. Amazon) or financial services (e.g. banking) website. When making a purchase or logging in, the virus activates by redirecting the user off the legitimate site to a fake authorization form that looks like it is coming from your trusted vendor. It's intelligent enough to grab the last 4 digits of your credit card/account. It requires you to re-enter your credit card/account information, including CVV and expiration dates.

It's important to know that your vendors are not compromised. The virus cannot detect the information already inside your account. It can see public information, e.g. the last 4 digits of your credit card, and use that data to trick you into thinking the authorization is legitimate. When you are directed to the authorization site, it is not your vendor's site. When you type in the authorization information, the malware uses keylogger tools to capture your financial data.

What you can do:

  • Please share this post with all of your users.
  • Be extremely vigilant when accessing shopping and banking sites, especially those with which you have established accounts.
  • If you are directed to any sort of credit card/account authorization form that you have never seen before, DO NOT input your information. Simply "X" out of the form.
  • From what we have seen thus far, once you exit the authorization form and are back on the legitimate site, you are safe to continue your purchase with the vendor.
  • Notify Daystar (or your IT support vendor) immediately if you experience a fake authorization attack.

Here is a screenshot of the fake Amazon credit card authorization form.

What Daystar is doing next:

This virus is considered a zero-day attack. It is a brand new malware of which the security world is just becoming aware. As noted above, we are working with several security vendors to gather more insight into how it originates and spreads. In addition, we are working on tools to both proactively detect and stop it, and eradicate it from already infected users.

It is early in the phase of this virus, but we thought it critical to alert you as soon as it came to our attention.

Again, if you suspect you are infected, please contact your IT support vendor. Daystar clients should contact us immediately via your support portal, e-mail, or phone at 603-766-5924 x3.

Recent Posts