Scammers Now Use Genuine PayPal Emails To Spread Banking Malware

  • 258
  •  
  •  
  •  
  •  
  •  
  •  
  •  
    258
    Shares

The scamming level has increased so high that cyber criminals are using PayPal’s legitimate emails to spread dangerous Chthonic banking trojan. PayPal like other financial institutions is a favorite target of scammers. However it is unclear how the scammers are sending emails from legit PayPal email addresses.

The campaign was exposed by researchers at IT security company Proofpoint who found that some unknown cyber criminals are using genuine PayPal emails to not only scam money out of users but also installing banking malware on their devices. Recently there has been an increase in PayPal related phishing scams.

scammers-using-legitimate-paypal-emails-to-spread-banking-malware

How Was The Scam Done?

It starts with users receiving an email from [email protected] email address alerting them about a supposed unauthorized transaction of 100$ from a PayPal user and how he wants his money back.The email comes with subject line “You’ve got a money request”.

However its content contains a Google shortener URL (Goo.gl) which user has to click in order to return the unauthorized transaction. Upon clicking the Goo.gl link a JavaScript file labeled paypalTransactionDetails.jpeg.js” is downloaded on user’s device but at the same time it also downloads a flash executable file which when clicked installs Chthonic banking malware, a variant of the Zeus banking Trojan.

The following two tabs change content below.

William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]

William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]om

Leave a Reply