Kardphisher - Fakes Windows activation to steal your credit card info
Kardphisher is a trojan that mimics the Microsoft Windows activation interface and is aimed at stealing your credit card information. In a sense, it’s a standalone phishing program.
Here is what Kardphisher does if your system gets infected.
The first time you reboot after getting infected, Kardphisher asks you to reactivate your copy of Windows, citing piracy issues and telling you that another user has activated your copy. It then asks for your credit card information assuring you that you will not be charged.
If you don’t enter the credit card information, Kardphisher shuts down the PC. Worse still, the trojan also disables the Windows Task Manager, which makes it more difficult to shut the malware down.
Since it runs on the first reboot, the message looks quite legitimate. Normally people expect malwares to run when clicking upon a new file. Surprisingly, the program even runs on versions of Windows that do not require activation. While a shrewd user might notice it and get suspicious, most users may not be quick enough to realise that their version of Windows would not ask for activation.
However, you need not be overtly worried about this Trojan. Symantec’s threat assessment of Kardphisher is quite encouraging and there is nothing much to worry about. If you do get infected with Kardphisher you may want to check out the Removal instruction given at Symantec.com.
If you're new here, you may want to subscribe to my RSS feed or get updates through email. Thanks for visiting!
Did you enjoy this post? Why not leave a comment below and continue the conversation, or subscribe to my feed and get articles like this delivered automatically to your feed reader.
Comments
No comments yet.
Leave a comment