Scammers Use Genuine PayPal Emails To Spread Banking Malware

The scamming level has increased so high that cyber criminals are using PayPal’s legitimate emails to spread dangerous Chthonic banking trojan. PayPal like other financial institutions is a favorite target of scammers. However it is unclear how the scammers are sending emails from legit PayPal email addresses.
The campaign was exposed by researchers at IT security company Proofpoint who found that some unknown cyber criminals are using genuine PayPal emails to not only scam money out of users but also installing banking malware on their devices. Recently there has been an increase in PayPal related phishing scams.

How Was The Scam Done?

It starts with users receiving an email from members@paypal.com email address alerting them about a supposed unauthorized transaction of 100$ from a PayPal user and how he wants his money back.The email comes with subject line “You’ve got a money request”.
However its content contains a Google shortener URL (Goo.gl) which user has to click in order to return the unauthorized transaction. Upon clicking the Goo.gl link a JavaScript file labeled “paypalTransactionDetails.jpeg.js” is downloaded on user’s device but at the same time it also downloads a flash executable file which when clicked installs Chthonic banking malware, a variant of the Zeus banking Trojan.