Rewterz

Rewterz Threat Alert – NTCrypt – A Malicious Packer

December 23, 2019
Rewterz

Rewterz Threat Alert – Dacls, the Dual platform RAT

December 23, 2019

Rewterz Threat Alert – PayPal Phishing Attacks

Severity

Medium

Analysis Summary

An ongoing phishing campaign is targeting PayPal customers with emails camouflaged as ‘unusual activity’ alerts warning them of suspicious logins from unknown devices and attempting to squeeze them dry of all their credentials and financial info.

Phishing email sample

After the target lands on the PayPal-branded phishing site, the phishers will again remind them that they need to prevent unauthorized access to secure their accounts, asking them to confirm their ‘informations’ by entering a CAPTCHA code displayed on the page.

Account verification phishing page
Account restored

Throughout the campaign, the attackers used multiple phishing domains with names designed to somewhat resemble an official PayPal site.

All the phishing sites were delivered via HTTPS secured connections, displaying a green padlock to increase the targets’ trust and give them a semblance of legitimacy.

Impact

  • Credential theft
  • Financial loss

Remediation

  • Block all threat indicators at your respective controls.
  • Always be suspicious about emails sent by unknown senders.
  • Never click on the links/attachments sent by unknown senders.
  • Always look for legitimate URL of the website you land in when you click on the link via email.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.