Select Page

A new Merrill Lynch phish is hitting the rounds, with a dangerous payload.

The phish typically looks something like this:


Subject lines include “New ML Business Centre Login Page”, “Merrill Lynch Business Centre with new Login Page?” and “Merrill Lynch Business Centre Website changing marketing process.”

The phish points to a website which pushes a new “certificate” that is needed.


The “Certificate” is a variant of Papras, a data-stealing trojan. However, don’t expect it’s only Merrill Lynch. We believe that this trojan is being used in a similar Colonial Bank scam, and there are likely others.

Alex Eckelberry