Researchers with Trend Micro are seeing upgraded CTB-Locker ransomware being delivered in fake Google Chrome and Facebook emails as part of an attack that is also tied to a PayPal phishing campaign.
Recipients of the phony Google Chrome email are told that they should upgrade their browser because it is out-of-date and potentially vulnerable, according to a Thursday post by Michael Marcos, threat response engineer with Trend Micro.
Clicking on the link in the email will direct users to a website hosting a new variant of CTB-Locker, Marcos wrote, explaining that the ransomware uses a Google Chrome icon as a way of fooling people into thinking it is an installer package.
CTB-Locker is also being delivered to individuals via an email purporting to come from Facebook. The email states that the recipient’s social media account has been temporarily disabled until they read the new terms and policies, which can be found by clicking a link. Clicking it results in a variant of the ransomware being downloaded, which disguises itself as a PDF file.
In both instances, CTB-Locker is being hosted on compromised websites that are linked to one IP address, Marcos wrote. He then goes on to explain how further research revealed that the URLs are also associated with a PayPal phishing campaign.
Read the Full Article: Source – SC Magazine
http://www.scmagazine.com/ransomware-delivered-via-fake-chrome-and-facebook-emails-tied-to-paypal-phishing/article/398230/
Leave a Reply
You must be logged in to post a comment.