Developer of anti-virus solutions Doctor Web
According to the Doctor Web virus laboratory, in order to maximize audience coverage, attackers used resources based on the CMS WordPress - from news blogs to corporate portals, to which hackers managed to gain administrative access. A JavaScript script is built into the page codes of compromised sites, which redirects users to a phishing site masquerading as an official Google resource (see screenshot above).
Using a backdoor, attackers are able to deliver a payload in the form of malicious applications to infected devices. Among them: the X-Key Keylogger, the Predator The Thief stealer, and a Trojan for remote control via RDP.
To avoid unpleasant incidents, Doctor Web specialists recommend being extremely careful when working on the Internet and advise not to ignore the phishing resource filter provided in many modern browsers.
Source: 3dnews.ru