A web page pretending to offer an official application from PayPal is currently spreading a new variant of Nemty ransomware to unsuspecting users. This latest occurrence of Nemty was observed on a fake PayPal page that promises to return 3-5% from purchases made through the payment system.
Digital attackers created a fake PayPal website to distribute samples of a new variant of the Nemty crypto-ransomware family. https://t.co/iQHHzfmeRK
via @DMBisson #ransomware #Nemty
— Tripwire (@TripwireInc) September 9, 2019
Such an attack could and should be blocked by a security solution at each and every stage: pre-delivery, when the fake page is being browsed, when the executable is downloaded to the computer and when the executable begins operating. Without such a solution in place, it is imperative that users be especially careful when clicking any link they receive.
This approach differs from what other cybercriminals are currently doing: phishing attacks typically distribute malware via email rather than delivering it directly from fraudulent websites. Security solutions, which are designed to seek out this more ‘traditional’ form of phishing, are much less likely to detect this kind of attack. The scam is also presented in a way that is highly alluring and appears credible to the unsuspecting and unprotected user.