Security Alert: Malware mimics authorization form on popular sites

By: Daystar - Your Technology Partner March 23, 2017

Cybersecurity| Article Post| Owner / CEO| Operations| Finance| IT

We have come across a new piece of malware that targets infected users' information on established banking and shopping sites. This nasty virus is brand new; we are actively working with several security vendors to identify how it originates and how to eradicate it. Although not all information is readily available at the moment, we wanted to notify you immediately.

What we know now:
Once infected, the malware waits until the user visits an established shopping (e.g. Amazon) or financial services (e.g. banking) website. When making a purchase or logging in, the virus activates by redirecting the user off the legitimate site to a fake authorization form that looks like it is coming from your trusted vendor. It's intelligent enough to grab the last 4 digits of your credit card/account. It requires you to re-enter your credit card/account information, including CVV and expiration dates.

It's important to know that your vendors are not compromised. The virus cannot detect the information already inside your account. It can see public information, e.g. the last 4 digits of your credit card, and use that data to trick you into thinking the authorization is legitimate. When you are directed to the authorization site, it is not your vendor's site. When you type in the authorization information, the malware uses keylogger tools to capture your financial data.

What you can do:

  • Please share this post with all of your users.
  • Be extremely vigilant when accessing shopping and banking sites, especially those with which you have established accounts.
  • If you are directed to any sort of credit card/account authorization form that you have never seen before, DO NOT input your information. Simply "X" out of the form.
  • From what we have seen thus far, once you exit the authorization form and are back on the legitimate site, you are safe to continue your purchase with the vendor.
  • Notify Daystar (or your IT support vendor) immediately if you experience a fake authorization attack.

Here is a screenshot of the fake Amazon credit card authorization form.

What Daystar is doing next:

This virus is considered a zero-day attack. It is a brand new malware of which the security world is just becoming aware. As noted above, we are working with several security vendors to gather more insight into how it originates and spreads. In addition, we are working on tools to both proactively detect and stop it, and eradicate it from already infected users.

It is early in the phase of this virus, but we thought it critical to alert you as soon as it came to our attention.

Again, if you suspect you are infected, please contact your IT support vendor. Daystar clients should contact us immediately via your support portal, e-mail, or phone at 603-766-5924 x3.

When was the last time you checked in on your IT performance?

The Business IT Checklist shows you the 7 steps you need to take to enhance your business technology immediately.

Download the 7-Step Checklist
business-it-checklist
Daystar - Your Technology Partner

Written by Daystar - Your Technology Partner

Would You Like to Work With Us?

Technology can be your best friend or your worst enemy.
We make sure it’s your best friend.

DayStar Logo - White 1

LOCATION 121 Shattuck Way Suite 10
Newington, NH 03801 Support: (603) 766-5924
Sales: (888) 507-8067

FOLLOW US
Contact Us
Daystar is a managed IT services provider and business technology integrator serving businesses and organizations in the tri-state area throughout New Hampshire, Maine, and Massachusetts.

© 2024 Daystar, All rights reserved.