Omid Farhang
If you like downloading or installing programs on your PC related to XBox gaming, you might want to take heed of this writeup. There’s a fake application kit in circulation that allows an attacker to create a website claiming to be an XBox Live application that takes the form of a Java install.
Upon visiting a site related to this scam, the end-user will see a blank webpage with nothing other than a Java notice and a fake Softpedia award at the bottom of the screen:
After a second or two, the page becomes a little more lively with the promise of XBox related action to come:
At this stage, the end-user will be presented with the following Java prompt:
Note that they list the publisher as “Microsoft”, which is always going to make potential victims a little bit easier to trick into hitting the Run button. In this particular attack, the end-user installs a file that looks a little bit like an art program.
It isn’t an art program. The end-user will find a file called Crypted.exe in their Temp folder, which is another way of saying Trojan-PWS.Win32.Fignotok.A, a password stealing program that attacks applications such as Firefox, Steam and IM clients. VirusTotal here.