A website which offers financial services to people who are serving or who have served in the US Military and their families has suffered from a watering-hole attack.
According to Jesper Jurcenoks, VP of research at Critical Watch, said in a blog that phishing websites are installed all the time on unsuspecting websites, typically through old CMS versions. He said that one ISP found 6 USAA Phishing sites last Friday and another four yesterday.
In this instance, the malware is a new variant of the KeniHack phishing family, each spam victim gets a unique URL and collected credentials are emailed to the phisher via Gmail. Each successful phishing email where the victim clicks on the email link spawns another copy of the phishing website, but it is unclear to what purpose.