Phishing is a way to illegally acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication (web site, email, etc). Those fake websites are hosted on compromised sites without the owner's permission and are sent to the victims using mailing scripts, hosted or not in the same server where the phishing page is.
Phishing pages are often complex and rely on several files to run. They will be hosted on a specific directory resembling the phishing target.
This signature targets on a series of known fingerprints left by scammers on their code.




This malicious code affects any vulnerable or compromised website that is configured to interpret the script language.


Inspect your site's files, specially theme related, to find for code you don't recognize. Look for any encoded or obfuscated PHP code.
Also, you can sign up with us and let our team remove the malware for you.


<form action=next.php name=chalbhai id=chalbhai method=post>

<input name="formtext1" placeholder="Apple ID" required class="textbox" type="email" style="position:absolute;width:308px;left:621px;top:183px;z-index:2">

<input name="formtext2" placeholder="Password" required class="textbox" type="password" style="position:absolute;width:308px;left:620px;top:247px;z-index:3">

<div id="formimage1" style="position:absolute; left:816px; top:339px; z-index:4"><input type="image" name="formimage1" width="278" height="50" src="images/sign in.png"></div></form>