Scammers Now Use Genuine PayPal Emails To Spread Banking Malware

Scams have escalated to the point that cyber criminals are using PayPal’s legitimate emails to spread the dangerous Chthonic banking trojan. PayPal, like other financial institutions, is a favorite target of scammers. However, it is unclear how the scammers are sending emails from legitimate PayPal email addresses.

The campaign was exposed by researchers at IT security company Proofpoint, who found that unknown cyber criminals are using genuine PayPal emails not only to scam money out of users but also to install banking malware on their devices. Recently there has been an increase in PayPal-related phishing scams.

How Was The Scam Done?

It starts with users receiving an email from the [email protected] email address alerting them to a supposed unauthorized transaction of $100 from a PayPal user who wants his money back. The email comes with the subject line “You’ve got a money request”.

However, its content contains a Google shortener URL (Goo.gl) which the user has to click in order to return the unauthorized transaction. Upon clicking the Goo.gl link, a JavaScript file labeled “paypalTransactionDetails.jpeg.js” is downloaded to the user’s device, but at the same time it also downloads a flash executable file which, when clicked, installs Chthonic banking malware, a variant of the Zeus banking Trojan.
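The file name above works as a lure because Windows Explorer hides known extensions by default, so “paypalTransactionDetails.jpeg.js” is displayed as a JPEG image. The following check is an added example, not code from Proofpoint or PayPal, showing how a mail gateway or proxy log review could flag such names; the extension lists, the function names and all sample records except the file name reported in the article are assumptions made for illustration.

```python
# Script-host and executable types that Windows runs on double-click.
EXECUTABLE_EXTS = {"js", "jse", "vbs", "vbe", "wsf", "hta",
                   "exe", "scr", "bat", "cmd", "ps1", "lnk"}
# Harmless-looking types commonly used as the visible decoy (assumed list).
DECOY_EXTS = {"jpeg", "jpg", "png", "gif", "pdf",
              "doc", "docx", "xls", "xlsx", "txt"}


def masquerade_reason(filename):
    """Return why a file name hides an executable type, or None if it does not."""
    # Windows ignores trailing dots and spaces, so drop them before splitting.
    # Stripping each part also catches space padding such as "a.pdf   .exe".
    parts = [p.strip() for p in filename.rstrip(". ").lower().split(".")]
    if len(parts) < 3:
        return None  # fewer than two extensions: nothing is being hidden
    decoy, real = parts[-2], parts[-1]
    if real in EXECUTABLE_EXTS and decoy in DECOY_EXTS:
        return f"decoy .{decoy} before executable .{real}"
    return None


# Constructed (host, downloaded file name) records. Only the first file name
# and the goo.gl host come from the article; the rest are made up.
SAMPLE_DOWNLOADS = [
    ("goo.gl", "paypalTransactionDetails.jpeg.js"),
    ("files.example.com", "Statement.PDF .EXE"),
    ("cdn.example.com", "jquery.min.js"),      # legitimate: "min" is no decoy
    ("photos.example.com", "holiday.jpeg"),    # legitimate: single extension
]


def flag_downloads(records):
    """Return (host, name, reason) for every record with a masquerading name."""
    flagged = []
    for host, name in records:
        reason = masquerade_reason(name)
        if reason:
            flagged.append((host, name, reason))
    return flagged


if __name__ == "__main__":
    for host, name, reason in flag_downloads(SAMPLE_DOWNLOADS):
        print(f"{host}\t{name}\t{reason}")
```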

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]
