Posted by: Samker
« on: 21. November 2008., 08:39:06 »This particular program we're about to look at is currently being promoted via videos on sites such as Youtube. The program is touted as an "electronic Paypal hacker" - supposedly, it reaches right into Paypals systems and simply "creates digital money", despositing an amount of your choice into your Paypal account. There now follows some cod-technospeak as the creator attempts to define this supposedly "victimless" crime:
"All verified accounts are stored on a verified server. That's where all the cash gets sent. When people send cash, they send packets. When you have $10 or more, that means you have enough packets for the hack to execute. When people send the fake PP cash, I grab their packets and it adds to your account. It is completely legal, Paypal money is electronic so no harm done to ANYONE!"
....sigh. Well, there's no harm done except to anyone foolish enough to fall for such a scam. In time honoured tradition, this is what the EXE looks like on your desktop:
Look, a moneybag! It has to work! Fire the program up, and...
Very slick looking. Hit the "I Agree" button, and you'll see this:
...you're presented with a rather fetching interface. In the spirit of making you think they're doing you a favour, you can find an MP3 player built in, links to popular networking sites along the bottom (along with a few hacking sites for good measure) and a big blank browser window.
How does this program work?
Yes, amazingly that's all there is to it. Honest. Hit "Connect", and you'll see some random messages appear in the Status Display - just to make you feel more like you're really doing something hacker-ish:
With programs like this, who needs to watch The Matrix? Anyway, the previously empty browser window now fills up with the Paypal website:
Our wannabe hacker still hasn't actually hacked anything yet, but fear not - hit the "Add Cash" button (after selecting an amount of either 100 Dollars or Euros), the following screen appears:
"Choose the amount you want, then login in this TPPH Login page to receive the money into your account. Attention: This will not work if you don't have a valid (verified) Paypal account containing $10".
Of course, anyone familiar with Paypal will know that this popup is not from the official Paypal website - it's something the creator of the application has put together. Let's see - they want you to "Submit" your Paypal login details somewhere....they want you to have a Verified account....and they request that you already have a minimum amount of cash in there when you submit the information.
Does that sound like you're going to get free Paypal money? Or does it sound more like you've just sent your Paypal login details to a complete stranger in an overly elaborate fashion?
This is detected as PPHack.
(FaceTime)