Researchers from MalwareHunterTeam have discovered new ransomware that is capable of stealing PayPal credentials via a phishing site. The researchers revealed that the ransomware contained a ransom note asking users to pay via Bitcoin or PayPal.
The ransom note, which states that ‘Files have been encrypted! and your computer has been limited!’, asks users to pay via Bitcoin or PayPal to unlock their PCs.
“Files have been encrypted! and your computer has been limited! To unlock your PC you must pay with one of the payment methods provided, we regularly check the activity of your screen and to see if you have paid, PayPal automatically sends us a notification once you’ve paid, But if it doesn't unlock your PC upon payment contact us CryTekk@protonmail[.]com,” the ransom note read, BleepingComputer reported.
“When you pay via BTC, send us an email following your REF number if your PC doesn't unencrypt. Once you pay, your PC will be decrypted. However, if you don’t within 14 days we will continue to infect your PC and extract all your data and use it,” the ransom note added.
Fraudulent PayPal phishing page
The ransom note gives users a choice: pay via Bitcoin or use PayPal.
MalwareHunterTeam tweeted, “A ransom note that directs victims to a PayPal phishing page. Clicking on the Buy Now button, it directs to the credit card part of the Phish already (so the login part is skipped). After filling & clicking Agree comes the personal info part & then finished.”