Attackers Began to Embed Keyloggers in Phishing Pages

keyloggers in phishing pages

Analysts from the Cyble company recorded an interesting phishing campaign against users from Greece: attackers began to embed keyloggers into phishing pages.

The operators of this scam operate phishing sites that mimic the official website of the Hellenic Tax Authority. Sites contain a keylogger that steals credentials and other information as you type.

Let me remind you that we also wrote that Cybersecurity Researchers Discovered a New Phishing Kit targeting PayPal Users.

The attack on Greek users begins with the usual phishing emails, in which the attackers impersonate the Greek Tax Service and tell the user the good news: he is allegedly entitled to a tax refund in the amount of 634.13 euros after the recalculation. The emails say that it was not possible to automatically send funds to the recipient’s bank account due to some problems.

keyloggers in phishing pages

As a result, the user is asked to visit the website of the tax service and pass the check on their own. The emails contain links leading to several phishing spoofs of the official website of the Hellenic Tax Authority (govgr-tax[.]me/ret/tax, govgreece-tax[.]me and mygov-refund[. ]me/ret/tax).

On the fake site, visitors are asked to select a banking institution to send funds to. Victims are offered seven options to choose from, including several major Greek banks. Depending on which bank the user chooses, they will be redirected to another fake resource. As a result, the login page will be designed in the style of the selected financial institution.

keyloggers in phishing pages

When the victim starts entering their credentials in the proposed form, the JavaScript keylogger present on the page will work, intercept all keystrokes and pass the data to their operators.

keyloggers in phishing pages

Thus, attackers will have access to information in real time. Even worse, even if the user changes his mind at the last moment and does not click the “Submit” button, it will no longer matter, because the information is compromised instantly, right as it is typed.

Read also: Is It Safe to Use a Password Manager in 2022?

keyloggers in phishing pages

The researchers note that phishers rarely use real-time keylogging, and it is likely that this attack aimed at the Greeks may indicate the emergence of a new and extremely dangerous trend among hackers. This type of attack can significantly increase the likelihood of successful theft of account data, and the JavaScript keylogger will load and work even if the victim has configured the browser to block third-party trackers.

By Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.

View all of Vladimir Krasnogolovy's posts.

Leave a comment

Your email address will not be published.