Activation screen showing only a paltry $99.9 <- haha to remove the threats!
Best offer FTW!!!
Observed C2 traffic samples shown below:
Credit card “processing” at 126.96.36.199. Full PII including CC Number, Exp and CVV right there in the URI string. How fun!
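Card data in a GET URI ends up in every proxy, web server and browser-history log along the path, which also makes it easy to hunt for. The following is an added detection sketch, not code from the original post: it scans proxy log lines for query-string values containing a Luhn-valid card number. The log format, parameter names, hosts and test card number are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# 13-19 digits, optionally separated by spaces or dashes
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out order ids and other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def card_params(url: str) -> list[str]:
    """Return names of query parameters whose value holds a Luhn-valid PAN."""
    hits = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        for m in PAN_RE.finditer(value):
            if luhn_ok(re.sub(r"\D", "", m.group())):
                hits.append(name)
                break
    return hits

def scan(log_lines):
    """Yield (client, dest_host, param_names) for requests with a PAN in the URI."""
    for line in log_lines:
        client, _method, url = line.split()[:3]
        params = card_params(url)
        if params:
            yield client, urlsplit(url).hostname, params

# Constructed proxy log lines (assumed format: client, method, URL)
SAMPLE_LOG = [
    "10.0.0.23 GET http://192.0.2.10/buy.php?name=J+Doe&cc=4111111111111111&exp=0113&cvv=123",
    "10.0.0.23 GET http://example.com/search?q=order+1234567890123456",
    "10.0.0.41 GET http://example.com/index.html",
]

if __name__ == "__main__":
    for client, host, params in scan(SAMPLE_LOG):
        print(f"card number in URI: client={client} dest={host} params={params}")
```

A hit identifies both the affected client and the destination host receiving the card data, which gives responders a block candidate and a list of victims to notify.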
The victim has the ability to make a “settings” change to allow login to the infected system, but the FakeAV malware prevents network communications until the victim has ponied up. Not a good way to start off the new year.