Kardphisher – Fakes Windows activation to steal your credit card info

Kardphisher is a trojan that mimics the Microsoft Windows activation interface and is aimed at stealing your credit card information. In a sense, it’s a standalone phishing program.

Here is what Kardphisher does if your system gets infected.

The first time you reboot after getting infected, Kardphisher asks you to reactivate your copy of Windows, citing piracy issues and telling you that another user has activated your copy. It then asks for your credit card information, assuring you that you will not be charged.

If you don’t enter the credit card information, Kardphisher shuts down the PC. Worse still, the trojan also disables the Windows Task Manager, which makes it more difficult to shut the malware down.

Since it runs on the first reboot, the message looks quite legitimate. Normally, people expect malware to run when they click on a new file. Surprisingly, the program even runs on versions of Windows that do not require activation. While a shrewd user might notice this and get suspicious, most users may not be quick enough to realise that their version of Windows would not ask for activation.

However, you need not be overly worried about this trojan. Symantec’s threat assessment of Kardphisher is quite encouraging, and there is not much to worry about. If you do get infected with Kardphisher, you may want to check out the removal instructions given at Symantec.com.

