Digital attackers created a fake PayPal website to distribute samples of a new variant of the Nemty crypto-ransomware family.
Security researcher nao_sec uncovered the ransomware variant after they came across a fake PayPal website. This site promised users a return of 3-5 percent for making purchases through its payment system. But its primary purpose was to trick visitors into downloading and running a malware executable called “cashback.exe.”
To do this, the site stole the structure and branding of PayPal’s official site to trick users into believing it was a legitimate location. It also leveraged homograph domain name spoofing techniques to fool users who might have been a bit warier of its promises.
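The homograph spoofing mentioned above can be caught before a user ever sees the page. The Python below is an added defender-side illustration, not code from the article or from the researcher; it decodes punycode labels, flags labels that mix Unicode scripts, and folds look-alike characters through a small hand-built confusables table (an assumption here; the real Unicode confusables list is far larger) to see whether a label imitates a protected brand on a domain that is not the brand's own. All sample hostnames are constructed.

```python
import unicodedata

# Tiny confusables table, constructed for this example: look-alike -> ASCII shape.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic а е о р
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",  # Cyrillic с у х і
    "\u03bf": "o", "\u03b1": "a",                                 # Greek ο α
    "1": "l", "0": "o",                                           # ASCII digit look-alikes
}

# Brand keyword -> the genuine registrable domain it belongs to (assumed allow-list).
PROTECTED_BRANDS = {"paypal": "paypal.com"}

# Constructed sample hostnames (not taken from the article).
SAMPLE_HOSTS = [
    "www.paypal.com",
    "p\u0430ypal.com".encode("idna").decode("ascii"),  # Cyrillic а inside 'paypal', as punycode
    "paypa1-cashback.com",                             # digit 1 standing in for l
]

def decode_host(host):
    """Turn punycode (xn--) labels back into Unicode so look-alikes can be inspected."""
    return host.encode("ascii").decode("idna") if "xn--" in host else host

def skeleton(label):
    """Fold a label to its ASCII 'shape': strip combining marks, map confusables."""
    folded = unicodedata.normalize("NFKD", label)
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded if not unicodedata.combining(ch))

def scripts_in(label):
    """Set of Unicode scripts (taken from the character-name prefix) used by a label's letters."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def homograph_findings(host):
    """Return reasons a hostname looks like a brand impersonation; an empty list means clean."""
    host = decode_host(host.lower().rstrip("."))
    labels = host.split(".")
    registrable = ".".join(labels[-2:])  # simplification: ignores multi-part public suffixes
    findings = []
    for label in labels:
        used = scripts_in(label)
        if len(used) > 1:
            findings.append(f"mixed scripts in label {label!r}: {sorted(used)}")
        for brand, genuine in PROTECTED_BRANDS.items():
            if brand in skeleton(label) and registrable != genuine:
                findings.append(f"label {label!r} resembles {brand!r} but domain is {registrable!r}")
    return findings

if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(h, "->", homograph_findings(h) or "clean")
```

The registrable-domain check is deliberately simple; a production filter would use the public suffix list and the full Unicode confusables data.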