Malwarebytes security researcher Peter Arntz has discovered a new fraud scheme in which scammers use an error message and a fake Troubleshooter for Windows application (Paypal,Fraud Scheme) to trick the user into buying a non-existent Windows Defender Essentials software for $ 25.
As a method of payment, users are encouraged to use PayPal, Bleeping Computer reports .
According to the researchers, the fake application is distributed through a hacked installer of third-party software. The application displays a message on the user’s screen that “Windows encountered an unexpected error” and the computer “does not have the .dll registry files, which causes the computer to crash.” The victim is offered to click “Next” to diagnose and fix the problem.
If you select this option, the screen displays a list of nonexistent problems and a message that you can not fix them with standard Windows tools. Also, a “recommended” link will appear on the screen, where the user is offered to buy a non-existent Windows Defender Essentials application worth $ 25. For payment it is offered to use PayPal.(Paypal,Fraud Scheme)
When the installer is launched, 4 executable files are downloaded to the user’s computer: BSOD.exe (fake crash warning), troubleshoot.exe (a fake troubleshooter), scshtrv.exe (takes a screen shot of the victim), and adwizz.exe (shows advertisements) .
As the researchers noted, there is a simple way to fool the malicious. To do this, on the screen with the PayPal details, you must press Ctrl + O to open the dialog box and enter the address http: / / hitechnovation.com/thankyou.txt. After that, the program will calculate that the victim paid and turns off.