
A new in-development ransomware has been discovered that not only encrypts your files, but also tries to steal your credit card information with an included PayPal phishing page.

The ransomware itself is nothing special, but the ransom note is clever: besides the usual Bitcoin ransom payment, it offers the victim the option of paying via PayPal. A user who chooses PayPal is sent to a phishing site that attempts to steal the victim's credit card information and, if they click around, their PayPal credentials as well.

This ransomware was discovered by MalwareHunterTeam and contains a ransom note stating that the user can pay either in Bitcoin or through PayPal.

Ransom Note Part 1
Ransom Note Part 2

If a user clicks the PayPal Buy Now button, they are taken to a phishing page that does a convincing job of masquerading as a legitimate PayPal page.

PayPal Phishing Page

The giveaway is where the form submits: instead of going to PayPal.com, the entered information is sent to http://ppyc-ve0rf.890m.com/s2[.]php, an unrelated domain over plain HTTP, which then displays another form asking for the victim's address and other personal information.

Finally, after all the requested information has been filled in, the phishing page states that the account has been unlocked and redirects the victim to the real PayPal login page, where they are prompted to log in.

Ransomware developers and other criminals are using increasingly devious methods to extract money from their victims. Always check a web page before entering login credentials: if the address in the browser's address bar looks strange or does not match the site the page claims to be, do not enter your credentials and leave the page immediately.
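The two checks above (where a form actually submits, and whether the page's host matches the brand it claims to be) can be automated. The following is an added example, not code from the original article or from any analysis of this ransomware: it parses the forms on a page, resolves each form action against the page URL, and flags any whose host is not the expected brand domain or one of its subdomains. The HTML snippets and page URLs (`paypal-phish.example`, `www.paypal.com.secure-login.example`) are constructed for the example; only the submission URL http://ppyc-ve0rf.890m.com/s2[.]php comes from the article and is kept in its defanged form.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormActionCollector(HTMLParser):
    """Collect the action attribute of every <form> on a page."""

    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "form":
            # A missing or empty action means the form posts back to the page itself.
            self.actions.append(dict(attrs).get("action") or "")


def form_targets(page_url, html):
    """Return the absolute URL each form on the page submits to."""
    parser = FormActionCollector()
    parser.feed(html)
    return [urljoin(page_url, action) for action in parser.actions]


def same_site(host, expected):
    """True only if host is exactly expected or a subdomain of it.

    A suffix match on the full label boundary rejects look-alikes such as
    'www.paypal.com.secure-login.example', which a naive substring check
    ('paypal.com' in host) would accept.
    """
    host = host.lower().rstrip(".")
    return host == expected or host.endswith("." + expected)


def off_brand_forms(page_url, html, expected_host="paypal.com"):
    """Return the submission URLs of forms that do not post to the expected brand."""
    findings = []
    for target in form_targets(page_url, html):
        host = urlsplit(target).hostname or ""
        if not same_site(host, expected_host):
            findings.append(target)
    return findings


# Constructed sample pages (not captured from the real phishing kit).
PHISHING_PAGE = """
<html><body>
<form method="post" action="http://ppyc-ve0rf.890m.com/s2[.]php">
  <input name="cardnumber"><input name="expiry"><input name="cvv">
</form>
</body></html>
"""

LEGIT_PAGE = """
<html><body>
<form method="post" action="/signin/submit">
  <input name="login_email"><input name="login_password">
</form>
</body></html>
"""

LOOKALIKE_PAGE = """
<html><body>
<form method="post">
  <input name="login_email"><input name="login_password">
</form>
</body></html>
"""


if __name__ == "__main__":
    for page_url, html in [
        ("http://paypal-phish.example/", PHISHING_PAGE),            # constructed host
        ("https://www.paypal.com/signin", LEGIT_PAGE),
        ("http://www.paypal.com.secure-login.example/", LOOKALIKE_PAGE),  # constructed host
    ]:
        bad = off_brand_forms(page_url, html)
        verdict = "OFF-BRAND FORM(S): " + ", ".join(bad) if bad else "ok"
        print(f"{page_url}: {verdict}")
```

The look-alike case is the one worth noting: the page's own host contains "paypal.com", so a check that merely searches for the brand name in the URL would pass it, while the label-boundary suffix check flags it because the registrable domain is `secure-login.example`, not `paypal.com`.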
