New ransomware steals PayPal data with phishing link in ransom note

Ransomware is a reality, and threat actors use it frequently to make easy money. According to new findings from MalwareHunterTeam, an in-development ransomware strain can encrypt your files, steal credit card information, and steal PayPal credentials using a phishing page.

The ransomware's functionality is unremarkable, but its ransom note is cleverly designed. The note attempts to extract money via a standard Bitcoin ransom payment and also offers the user an option to pay through PayPal. If the user opts to pay via PayPal, a fake login page is displayed so that when the victim enters login credentials, the attackers steal them to hijack the account.

Ransom note (Image credit: MalwareHunterTeam/Twitter)

What sets this ransomware apart is that it can not only steal your credit card information but also hijack your PayPal account, because the information you enter is sent not to PayPal but to another link, ppyc-ve0rf890mcom/s2php. This link belongs to the attacker, and once you reach it, it asks for personal information such as your residential address.

Fake PayPal login page (Image credit: MalwareHunterTeam/Twitter)

After the user enters all the required data, the phishing page states that the account has been unlocked and takes the users to the original PayPal login page. This shows how smartly threat actors are planning to steal all your cash.
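As an added example (not from the original article or from MalwareHunterTeam), the check below flags login forms whose password field is submitted to a host outside the brand's own domain, which is the behaviour described for the fake PayPal page. The sample HTML, the `phish.example` hosts and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

TRUSTED_DOMAIN = "paypal.com"  # assumption: the brand the page claims to be

# Constructed sample: a look-alike login form posting to a third-party host.
SAMPLE_PAGE_URL = "https://paypal-login.phish.example/signin"
SAMPLE_HTML = """<form action="https://collect.phish.example/collect.php" method="post">
<input type="email" name="login_email"><input type="password" name="login_password">
</form>"""

class FormCollector(HTMLParser):
    """Record each <form>'s action and whether it contains a password input."""

    def __init__(self):
        super().__init__()
        self.forms = []        # one dict per form, in document order
        self._current = None   # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._current = {"action": attrs.get("action") or "", "has_password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def host_is_trusted(host, trusted=TRUSTED_DOMAIN):
    """Exact match or real subdomain only; 'paypal.com.evil.example' fails."""
    host = (host or "").lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)

def suspicious_forms(html, page_url, trusted=TRUSTED_DOMAIN):
    """Return resolved action URLs of password forms that post off-domain."""
    parser = FormCollector()
    parser.feed(html)
    flagged = []
    for form in parser.forms:
        # A relative or empty action resolves against the page's own URL.
        target = urljoin(page_url, form["action"])
        parts = urlsplit(target)
        safe = parts.scheme == "https" and host_is_trusted(parts.hostname, trusted)
        if form["has_password"] and not safe:
            flagged.append(target)
    return flagged
```
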

It is also important to enable two-factor authentication (2FA) on PayPal, as it adds an additional layer of security in such situations. Another tip is that users must always recheck their old security questions and set new ones regularly, because hackers can identify the answers using open source research. Lastly, only enter personal details when you are one hundred percent sure that the website is authentic and reliable.

Moreover, PayPal users are urged to be vigilant and not fall for such phishing scams; otherwise they will lose much more than their PayPal account.

In case you have received such an email and can't differentiate between an original and a fake email, go to the PayPal website directly and log in to check its resolution center. The PayPal website has a verified green signature as shown in the screenshot below:
