Thursday, July 28, 2016

Banking Trojan found in PayPal's money request emails

Spamming through email is a common technique used by cyber criminals to spread malicious content and infect end users. Even though many organizations and home users have applied adequate measures to block such attacks, cyber criminals never give up and keep looking for ways to bypass every control and land in your inbox.

Proofpoint analysts found a small-scale malware distribution that co-opts PayPal's own services. As it appears, PayPal money request emails have been spreading the Chthonic banking Trojan.

They found and observed emails from PayPal with the subject “You’ve got a money request”. The interesting thing is that the sender was not spoofed. The emails carrying the malicious link were sent through the PayPal portal (its money request service) from registered PayPal accounts, not from fake addresses.

Figure 1: Email delivering malicious content (source: Proofpoint)

The personalized message claims that the victim's PayPal account has been used to defraud another PayPal user and asks for money; in reality, that "other PayPal user" is the criminal.

How do end users get infected?

If the user takes the e-mail as legitimate and clicks on the malicious link, he or she is immediately redirected to katyaflash[.]com/pp.php, which downloads an obfuscated JavaScript file named paypalTransactionDetails.jpeg.js. If opened, the end user is infected with Chthonic, a variant of the Zeus banking Trojan.
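An added defender-side check (example code written for this post, not from Proofpoint or PayPal) that captures the two signals in the chain above: a money request whose link leaves paypal.com, and a downloaded filename whose real extension hides behind an image extension. The sample body, the trusted-domain list and the script-extension list are assumptions; the indicator from the article is kept in its defanged form.

```python
import re
from urllib.parse import urlparse

# Constructed sample body (not a real message) containing the defanged
# off-platform link from the article and one genuine-looking PayPal link.
SAMPLE_BODY = """You've got a money request.
Your account was used to defraud another user. See the transaction details:
https://katyaflash[.]com/pp.php
Manage requests: https://www.paypal.com/myaccount/transactions
"""

# Assumption: domains a genuine PayPal money request is expected to link to.
TRUSTED_SUFFIXES = ("paypal.com",)

# Extensions that execute on double-click on a typical Windows desktop.
SCRIPT_EXTS = {"js", "jse", "vbs", "wsf", "hta", "exe", "scr"}

URL_RE = re.compile(r"""https?://[^\s<>"']+""")


def refang(url):
    """Turn a defanged indicator (hxxp, [.]) back into a parseable URL."""
    return url.replace("hxxp", "http").replace("[.]", ".")


def host_is_trusted(host):
    """True only for the suffix itself or a real subdomain of it."""
    host = host.lower()
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def suspicious_links(body):
    """Return every URL in the body whose host is outside the trusted suffixes."""
    flagged = []
    for raw in URL_RE.findall(body):
        host = urlparse(refang(raw)).hostname or ""
        if not host_is_trusted(host):
            flagged.append(raw)
    return flagged


def deceptive_filename(name):
    """True for names like paypalTransactionDetails.jpeg.js: a benign-looking
    extension directly followed by a script extension."""
    parts = name.lower().rsplit(".", 2)
    return len(parts) == 3 and parts[-1] in SCRIPT_EXTS and parts[-2] not in SCRIPT_EXTS


if __name__ == "__main__":
    print(suspicious_links(SAMPLE_BODY))
    print(deceptive_filename("paypalTransactionDetails.jpeg.js"))
```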

Proofpoint underlined in their blog post a further concern: mail providers, Google included, did not block the email even though it carried a malicious link.

"Although the scale of this campaign appeared to be relatively small (this particular example was only detected through one of our spam traps; as of the writing of this blog, the malicious link has only been clicked 27 times according to Google Analytics for the URL shortener), the technique is both interesting and troubling," Proofpoint said in a blog post.

Users without adequate anti-malware software on their PC or mobile device, software capable of detecting and blocking this kind of malicious activity, can easily become victims, and the impact of such an attack is not low.

PayPal has been informed of this malicious activity and will take the necessary actions.
PayPal is not the first organization to experience abuse of its service, but situations like this always remind us of the techniques threat actors can use to bypass traditional defences, regardless of the protection level of the specific provider.

What we can conclude is that end users should always add an extra layer of security before engaging with any website or online activity, especially one that involves financial transactions.
