PayPal Misused in Malicious Spam Campaign

According to Proofpoint the global security company, PayPal the online payment processing portal seems to be circulating spam mails although with a genuine message telling the recipient that someone has requested him to send money. Also, the person requesting the money exists, only the request is through PayPal where spammers registered after compromised his personal information. The spam mails that PayPal seems as sending originate from the authorized e-mail id of the website, and here is the catch where victims are unable to realize the ruse.

The spammers made use of the form of PayPal required when money requests are made and included customized text in the custom field. Along with the text, they also added one short URL Goo.gl, which opened into a website from where a file named paypalTransactionDetails.jpeg.js is automatically downloaded onto the victim's PC.

But before that if the URL is clicked, an amount of $100 gets debited to the victim's PayPal account while his computer (Windows PC) gets contaminated with a Trojan called Chthonic. Itwire.com posted this, July 27, 2016.

Proofpoint further observes that Chthonic pulls down another malware which is called AZORult. While the function of this malware isn't yet known, investigation is on to find its characteristics.

According to threat operations' vice president Kevin Epstein of Proofpoint, it isn't unknown of instances when malware distributors exploited genuine websites. Nevertheless, the current spam campaign is so well engineered that it doesn't merely evade the conventional security defenses but also deceptively makes the victim follow malicious web-links and pay money.

Unfortunately, visits to the fake Goo.gl URL have occurred as many as 27 times. Moreover, the hacking of the genuine PayPal accounts is also uncertain for it could be that the crooks created fake accounts in the name of genuine accountholders from where the money request came.

Proofpoint analyzes that the above types of attacks are hard for accountholders on PayPal to realize. Rather the company and similar other client-servicing websites require to proactively scrutinize for authenticity of URLs when they pass through e-mail/network gateways, as well as check for fake messages. Additionally, they should provide basic information training to users.

» SPAMfighter News - 8/2/2016