Phishing scam uses #Palestinian domain name http.PS

The latest in a series of phishing scams uses a domain from the Palestinian ccTLD, dot .PS.

The domain http.PS is embedded in a link to hide the actual domain and make it look like a typical web prefix, such as “https.”

The threat actors are taking advantage of the fact that since Google Chrome version 76, the “https” part and special-case subdomain “www” are no longer shown to users, according to Malwarebytes.

What happens next: the phishing campaign downloads a skimmer javascript file that records keystrokes and uploads credit card data to a scammer’s remote server.

It appears that Russian scammers are behind this campaign, that also involves the domain autocapital.pw under the same IP address.

Copyright © 2024 DomainGang.com · All Rights Reserved.