Psty.xyz Phishing Virus (Fake McDonald's Anniversary)

By Andy Mulholland - Malware Researcher

The Psty.xyz WhatsApp scams are phishing attempts that trick users into disclosing personal and financial information.

We've received many reports from users who have been receiving this scam through social messaging platforms, both in groups and directly.

Scammers send a message, usually via WhatsApp, promising fake rewards such as a free DeWalt Combi Drill or other valuable items.

The ultimate goal is to entice users to click on a malicious link, complete surveys, and unknowingly provide sensitive information.

This information can then be used for fraudulent purposes, such as identity theft, unauthorized purchases, or sold to third parties on the dark web.

How It Works

The scam usually begins with a WhatsApp message promising an enticing reward.

In recent cases, scammers have used promotional offers such as a free McDonald's meal or a Heineken Beer Father's Day giveaway.

The message includes a link, which, when clicked, initiates a process to determine whether the user is using a mobile device.

This check is performed using JavaScript code embedded on the scam's website.

If the user accesses the link via a mobile device, the site may collect geolocation information based on the victim's IP address.

Depending on their location, the user may be redirected to various websites designed to collect personal information.

If the validation process does not detect a mobile device, the victim may be directed to a broken link or a “404 error” page.
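A detection sketch for the gating described above, added here as an example and not taken from the scam site or any vendor tool: it scans web-proxy logs for landing hosts that send mobile visitors on to another site while desktop visitors only get 404 responses. The log format, the `.example` hosts and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

MOBILE_UA = re.compile(r"Android|iPhone|iPad|Mobile", re.I)

# Constructed proxy log (not real traffic): client | status | url | referer | user-agent
SAMPLE_LOG = """\
10.0.0.5 | 200 | http://promo.example/win | - | Mozilla/5.0 (Linux; Android 13) Mobile
10.0.0.5 | 200 | http://survey.example/q1 | http://promo.example/win | Mozilla/5.0 (Linux; Android 13) Mobile
10.0.0.9 | 200 | http://promo.example/win | - | Mozilla/5.0 (Windows NT 10.0; Win64; x64)
10.0.0.9 | 404 | http://promo.example/notfound | http://promo.example/win | Mozilla/5.0 (Windows NT 10.0; Win64; x64)
10.0.0.7 | 200 | http://news.example/story | - | Mozilla/5.0 (iPhone; CPU iPhone OS 17_0) Mobile
10.0.0.7 | 200 | http://news.example/page2 | http://news.example/story | Mozilla/5.0 (iPhone; CPU iPhone OS 17_0) Mobile
10.0.0.9 | 200 | http://news.example/page2 | http://news.example/story | Mozilla/5.0 (Windows NT 10.0; Win64; x64)
"""

def parse(line):
    # Split one log line into the fields the heuristic needs.
    client, status, url, referer, ua = [f.strip() for f in line.split(" | ")]
    return {
        "status": int(status),
        "host": urlsplit(url).hostname,
        "ref_host": urlsplit(referer).hostname if referer != "-" else None,
        "mobile": bool(MOBILE_UA.search(ua)),
    }

def find_cloaking_hosts(log_text):
    """Hosts that send mobile visitors off-site while desktop visitors only hit 404s."""
    seen = defaultdict(lambda: {"mobile_offsite": 0, "desktop_404": 0, "desktop_offsite": 0})
    for line in log_text.strip().splitlines():
        r = parse(line)
        ref = r["ref_host"]
        if ref is None:
            continue  # only requests that followed from a landing page matter here
        offsite = r["host"] != ref
        if r["mobile"] and offsite:
            seen[ref]["mobile_offsite"] += 1
        elif not r["mobile"] and offsite:
            seen[ref]["desktop_offsite"] += 1
        elif not r["mobile"] and r["status"] == 404:
            seen[ref]["desktop_404"] += 1
    return sorted(
        host for host, c in seen.items()
        if c["mobile_offsite"] and c["desktop_404"] and not c["desktop_offsite"]
    )
```

The heuristic keys only on the mobile/desktop split; location-based redirection would need the same comparison grouped by client region.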

After passing the initial checks, the victim is directed to a website informing them that they have won a prize.

However, in order to claim the alleged prize, users must complete a short survey.

These surveys appear to be harmless, but they are actually used to collect personal information such as names, addresses, phone numbers, and emails.

Once the survey is completed, users are directed to a form where they are asked to provide additional information.

The information collected using these forms can then be used in a variety of ways.

Scammers may make unauthorized purchases, transfer money, or sell personal information to other criminals on the dark web.

Furthermore, future scams may use victims' email addresses and phone numbers to send spam or malware-infested emails.

More about Psty.xyz

The Psty.xyz scam is primarily spread via WhatsApp, but it also appears on Facebook, YouTube, Instagram, and Twitter.

This scam is also promoted through deceptive advertisements, push notifications, and, in some cases, adware or potentially unwanted applications (PUAs) that have infected the user's device.

Adware can slow down a device by running in the background, displaying unwanted advertisements, and collecting personal information like login credentials and browsing history.

Infected devices may also become spam-sending machines, repeatedly sending the Psty.xyz scam to other contacts without the user's knowledge.

What should you do?

In this type of scam, Psty.xyz can collect your personal information while redirecting you to unwanted websites when you click on the link.

In most cases, there is nothing you need to do if you did not click on the malicious link at all; however, as previously stated, malware, specifically adware, can cause Psty.xyz to appear on your device and prompt you to click it.

However, this happens only in rare cases. The link is also occasionally spread by bot accounts spamming links in numerous public social media groups.

What is cause for concern is that Psty.xyz can also redirect to drive-by download sites and install malicious software on your device.

Banking trojans and other threats have been known to spread in this manner, and while the Psty.xyz link is not entirely malicious, the fact that it redirects the browser is concerning and may pose a risk of malware entry.

We recommend scanning your computer for malware just in case. However, this is completely optional and only for those who are concerned about their device being infected.

How to scan for malware (Android devices)

We recommend scanning your Android device with Malwarebytes, a popular antimalware program designed to remove malware from your device.

This program is completely free to use, though it does offer a premium plan for more robust scanning and real-time malware detection.

The free version will suffice to remove the malware. Use the steps below to scan for malware with Malwarebytes.

  1. Open the Play Store app on your Android device.
  2. To find Malwarebytes Mobile Security, simply enter “Malwarebytes” in the search bar.
  3. Click on Malwarebytes and tap on the Install button.
  4. Once the installation has finished, open the application.
  5. Simply tap Get started.
  6. When you open the app for the first time, Malwarebytes will ask for security permissions on your device. Simply follow the prompts on your screen to enable the necessary permissions.
  7. When you access the Premium screen, you will find clear and straightforward subscription activation and trial options.
    • Start free trial: Begin a trial by subscribing through Google Play. The subscription fee is applied after the 7-day trial period.
    • Already have a subscription: If you already have a subscription, you can easily activate the Premium features by making a purchase from the Malwarebytes online store or restoring a previous Google Play purchase.
    • Skip: Select this option to access the free version.
  8. Once you are on the homepage, click the Scan button to begin scanning the mobile device for malware.
  9. After the scan is finished, follow the on-screen instructions to delete the unwanted objects. Restart the device if prompted.

How to scan for malware (Windows)

Here are the step-by-step instructions for scanning your computer for malware.

Since PC systems can be more complex, we will need more than one piece of security software to help us find the malicious threat.

Here's some good news: The programs mentioned below are completely free, which means you do not need to spend a dime to solve your malware problem. You can always use them anytime you feel your system is infected.

Please run each program individually. You can do so in any order.

  • Kaspersky Virus Removal Tool
  • Emsisoft Emergency Kit
  • ESET Online Scanner
  • Malwarebytes

Kaspersky Virus Removal Tool

1. To start, download the Kaspersky Virus Removal Tool.

2. Once the download of the executable file (KVRT.exe) is complete, run it. The program doesn't need to be installed on the computer, so you may begin running it straight away.

3. After reading the KSN Statement, Privacy Policy, and End User License Agreement, check the box indicating your agreement to the terms and conditions. To continue, click Accept.

4. Please wait for the system initialization process to finish, as the program will first check if your system is compatible.

5. Before we start scanning, we will have to set the scope of the scan. Click the Change parameters option to do so.

6. Check all the boxes to allow the computer to search through all of the disks and directories for malware. After that, click OK to return to the main screen.

7. We can now begin the scan; simply click the Start scan button, and the Virus Removal Tool will begin.

8. Wait for the scan to complete. If there are any risks within the computer system, a notification will be displayed.

9. To completely remove the risks that the program has identified, click Delete from the drop-down menu of each discovered object.

10. Click Continue to remove the identified malware threats from your computer.

Emsisoft Emergency Kit

1. Download the Emsisoft Emergency Kit portable software.

2. You can launch the executable program (EmsisoftEmergencyKit.exe) directly from your downloads folder after downloading it.

3. Click Yes to let the program start on the computer when the User Account Control window appears.

4. Choose your program's destination folder and accept the license and maintenance terms. Next, click Install to continue.

5. Click Malware Scan on the homepage of the Emergency Kit application to start the scanning process. The amount of time it takes for the program to scan your computer will depend on how many files you have and the hardware capabilities of your system.

6. Emsisoft Emergency Scanner will display a list of the files that the program has detected when the scan is complete. To get rid of threats from your computer, click on Quarantine selected.

7. To complete the malware removal procedure, Emsisoft Emergency Scanner may also ask you to restart your computer. Simply click Reboot your system to finish the process.

ESET Online Scanner

1. Download the most recent version of ESET Online Scanner.

2. After you press the download button, the file (Esetonlinescanner.exe) should be downloaded to your computer. It does not require installation, so you can simply run the file.

3. Before using ESET Online Scanner, it must be initialized. Choose your preferred language and click Get started. Continue as directed by the screen until the homepage appears.

4. Click Computer scan from the homepage, then select Full scan from the three options available.

5. Give ESET Online Scanner the permission to detect and remove potentially unwanted apps by ticking the Enable option. After that, click Start scan to begin the scanning process.

6. Wait for ESET Online Scanner to finish the malware scan of your machine. When the scan ends, ESET Online Scanner will have automatically removed the threats it found. To complete the malware cleanup process, click Proceed.

Malwarebytes

Note: We will only use the free version of Malwarebytes because it includes all of the capabilities we require.

1. Download the latest version of Malwarebytes Anti-malware.

2. Malwarebytes will start downloading the installation file (MBSetup.exe). Run the executable after the download is complete.

3. To allow the program to execute, simply click Yes in the User Account Control window that may appear.

4. The Malwarebytes setup wizard will now open; select Install to continue.

5. You will be prompted by Malwarebytes to install the Browser Guard extension. Depending on whether you want it on your browser or not, you can choose to download it (the extension is completely free).

6. Please wait as the Malwarebytes Setup installs itself. Follow the on-screen instructions until you have successfully installed Malwarebytes.

7. Start by launching Malwarebytes Anti-malware for the first time after it has been installed. If you're installing Malwarebytes for the first time, you'll get a 14-day free trial of the premium version.

8. After the program takes you to the main dashboard, click the Scanner box in the middle to start scanning the computer.

9. Do not click Scan yet when you get to the Scanner page. Instead, select Advanced scans.

10. In the Custom scan section, click Configure scan. This lets us change the way the software scans the computer.

11. To detect hidden malware, click the box next to Scan for rootkits on the Configure Custom Scan screen. Additionally, to enable Malwarebytes to scan every drive on your computer, check the boxes next to each one.

12. Once the Custom Scan options have been adjusted, click the Start Custom Scan button to get started.

13. A side window displaying the computer scan's progress will appear. Please wait until Malwarebytes has completed its malware scan of the entire system.

14. Following the completion of the scan, a list of threats found will appear. Check the boxes near all the malicious files and get rid of them from the computer by clicking the Quarantine button.

If prompted, please restart your computer since Malwarebytes may require it.

Tips to protect your device from malware

As the saying goes: "The biggest vulnerability is the person behind the screen."

So, here are some tips and what you need to know in order to keep your device safe and malware-free in the long run.

Keep all installed software up to date

Make sure that all of the programs on your computer are up to date with the latest version released by the developer. The reason behind this is that these updates frequently tackle bugs and issues that malware actors often exploit.

The same goes for your computer's operating system: make sure Windows is up to date with the latest software update to prevent malware from exploiting a hidden vulnerability.

Avoid downloading files from unknown sources

One of the biggest sources of malware infection in a computer system is third-party installations. This happens when a user downloads a certain program from sources that are not the official download links. Some of the common types of sources where malware is present are torrent files, cracked software, and games.

Be careful with opening email attachments

Malware often disguises itself as resumes and quotations, and threat actors often send thousands of these infected emails to company employees around the world in order to infiltrate their network.

Always check where your emails are coming from as there may be a chance that the project attachment you received via email did not actually come from a co-worker.

Do not visit disreputable websites

Avoid visiting websites that contain unfiltered advertisements such as illegal streaming websites, cracked software platforms, and links sent out to you by somebody you do not trust.

These sites are often linked to redirect chains that load once you click on an ad element on the page. Following this chain often leads to drive-by malware and phishing pages that an average user may eventually fail to notice.
