Trojan.HTML.PHISH.FV

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Arrival Details

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Information Theft

This Trojan gathers the following data:

• Credit card information
• Verification code

Stolen Information

This Trojan sends the gathered information via HTTP POST to the following URL:

• https://{BLOCKED}toonami.com/index.php

Other Details

This Trojan does the following:

• Displays the following upon accessing the URL:
  • https://{BLOCKED}toonami.com/
    
• Redirects to the following URL upon clicking the "Continue" button, aimed to gather the user's credit card information:
  • https://{BLOCKED}toonami.com/card
    
• Once the credit card information has been verified, it redirects to the following URL that contains the confirmation code to be used for Trojan.Win32.COPPERPHISH.FV:
  • https://{BLOCKED}toonami.com/result
    
• In cases that the credit card information validation requires a verification code, the user may be directed to this URL where the used is asked to enter the verification code:
  • https://{BLOCKED}toonami.com/sms
    
• It connects to the following URLs for javascript used by the webpage:
  • https://{BLOCKED}toonami.com/js/chunk-vendors.8425a6ef.js
  • https://{BLOCKED}mi.is/script.js
  • https://{BLOCKED}toonami.com/js/app.3b79586b.js
• It connects to the following URL for images displayed inside the webpage:
  • https://{BLOCKED}toonami.com/favicon.ico