Sophisticated Ransomware steals PayPal Credentials

All these days we have seen Ransomware variants encrypting a database and locking down the data access until a ransom in bitcoins or other cryptocurrency is paid. But now, researchers from ‘Malware Hunter Team’ have found that the new malware variant is proficient in further deteriorating the situation by stealing PayPal credentials via a phishing attack.

As per the details available from ‘MalwareHunterTeam’- a website which helps victims identify what ransomware has encrypted their files; the attack looks similar to that if a random ransomware attack. But the ransom note is cleverly drafted which allows victims to pay via PayPal as well along with the usual Bitcoin’s path. And here’s where different trouble starts.

Usually, ransomware victims are allowed to pay via cryptocurrency. But in this case, they are also being allowed to pay via their PayPal accounts.
But in reality, the PayPal site through which the victim is directed to is fake and is a phishing site which attempts to steal the victim’s PayPal username and passwords.

Thus, the ransomware developers will be rewarded with a double whammy- first they will get the ransom as per the demand for decrypting a database and second is that they can also steal the digital currency available in the account of the victim.

Britain’s National Cyber Security Center (NCSC), a cybersecurity wing of GCHQ has published a piece of advice on its website which says not to pay the hackers who strike your database with ransomware.

When it comes to avoiding the phishing attacks, people need to be very careful while clicking on URL links sent to them via emails, phone messages or website URLs.

As PayPal already offers 2-factor authentication, this added an extra layer of security helps in rationalizing a user’s name and password from getting compromised.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display