A New Scam To Steal Your Gmail Info + Caphaw Trojan Found in Youtube Ads

23 Mar


Warning: If you receive an email with the subject “Documents,” and it directs you to a webpage that looks like a Google Drive sign-in page, do not enter your information. It’s likely a new phishing scam, in which a thief creates a fake portal that asks for people’s private information and then steals it. (Netflix recently faced a similar issue.)
This one uses a fake Google Drive landing page to get your Gmail address and password, cyber security company Symantec’s official blog reported last Thursday. You’re meant to think that the documents you’ll be viewing are on Google Docs and that you need to sign in to see them. Remember, though, it’s all a scam.
If you were to put your Gmail address and password in the fake login, your credentials would be stolen, but you’d be taken to a real document on Google Docs, so you might not even know you’d been scammed, Symantec says.
As always, the easiest way to protect yourself from phishing scams is to not click on unknown links and not open emails from unknown senders. Also, don’t type your password anywhere that you’re not 100 percent sure is real.
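The advice above, not typing a password anywhere you are not sure is real, comes down to reading the host in the address bar rather than trusting how the page looks. The following Python sketch is an added example, not part of the original post or of Symantec's report; it assumes Google's sign-in form is served from accounts.google.com over HTTPS, and every sample URL in it is constructed.

```python
from typing import Tuple
from urllib.parse import urlsplit

# Assumption: the only host that should ever receive a Google password.
TRUSTED_SIGNIN_HOSTS = {"accounts.google.com"}

def is_trusted_signin_url(url: str) -> Tuple[bool, str]:
    """Return (ok, reason) for a URL copied from the browser address bar."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not https"
    if parts.username is not None or parts.password is not None:
        return False, "text before '@' hides the real host"
    if port not in (None, 443):
        return False, "unexpected port"
    try:
        host.encode("ascii")
    except UnicodeEncodeError:
        return False, "non-ASCII look-alike characters in host"
    if host.startswith("xn--") or ".xn--" in host:
        return False, "punycode host"
    if host not in TRUSTED_SIGNIN_HOSTS:
        return False, "host is not the sign-in host"
    return True, "ok"

# Constructed sample URLs (example.net is a reserved documentation domain).
SAMPLES = [
    "https://accounts.google.com/signin",                  # genuine host
    "http://accounts.google.com/signin",                   # no TLS
    "https://accounts.google.com@login.example.net/docs",  # userinfo trick
    "https://accounts.google.com.docs.example.net/signin", # trusted name as subdomain
    "https://accounts.g\u043e\u043egle.com/signin",        # Cyrillic 'o' homoglyphs
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(is_trusted_signin_url(sample), ascii(sample))
```

A page that passes this check can still be reached through a phishing email, so the check only answers where the password would be sent, not whether the email was legitimate.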


Looks so scary, doesn’t it? The two log-in pages look identical to me on the Huffington Post link! Also, earlier last month, YouTube ads had security leaks, too!!!


The malware being served is a Caphaw banking Trojan.  Emsisoft detects Trojans from this family as Trojan.Win32.Caphaw.
The attackers are infecting YouTube users through third-party YouTube ads, using the drive-by download technique.
Further investigation has revealed that the ad network serving the Caphaw malware is also hosting the Styx exploit kit.  An exploit kit is a toolkit hackers can purchase ready-made and then place on malicious websites to automatically target common vulnerabilities present on un-updated computers.  The Styx exploit kit targets Java vulnerabilities in particular.  Research indicates that in this attack Styx is being used to target CVE-2013-2460.
The Caphaw Trojan allows attackers remote control of your PC.  With such control, attackers may directly access your files, monitor your Internet usage, or use your PC for any number of malicious activities.


So, if you have clicked on any YouTube ads since February, make sure you scan your computer with an anti-virus program that specifically detects Trojans!! And if you recently logged in to Google through a suspicious email request, it is strongly recommended that you change your Google password immediately!! After all, passwords are the first line of defense in Internet security. Also keep in mind that any email containing attachments, links, or requests to share files should be carefully examined before you click. Emails are common vectors for malware, and messages from anyone but trusted co-workers, family members, or friends should automatically raise suspicion! If you suspect that a trusted contact’s account has been or seems to have been hacked, make sure you duly inform them!


