A new Merrill Lynch phish is hitting the rounds, with a dangerous payload.
The phish typically looks something like this:
Subject lines include “New ML Business Centre Login Page”, “Merrill Lynch Business Centre with new Login Page?” and “Merrill Lynch Business Centre Website changing marketing process.”
The phish points to a website which pushes a new “certificate” that is needed.
The “Certificate” is a variant of Papras, a data-stealing trojan. However, don’t expect it’s only Merrill Lynch. We believe that this trojan is being used in a similar Colonial Bank scam, and there are likely others.
Alex Eckelberry