
Cybercriminals use PayPal for the distribution of one of the variants of the Zeus Trojan


by sigismund » 2016-08-01 13:11:15


Cybercriminals are sending spam emails demanding the return of funds sent by mistake.


Proofpoint experts have detected a malware campaign that abuses the PayPal payment service to distribute the Chthonic banking Trojan. During the campaign, the attackers use hacked or newly created PayPal accounts to send e-mails, supposedly from the service's administration, with a request to return money that was wrongly sent to the account.

The message states that $100 was accidentally transferred to the user's account and that the funds are to be returned. The notice includes a link to a screenshot allegedly showing the details of the erroneous transaction. In fact, the link in the email redirects the user to the page katyaflash[.]com/pp.php, from which an obfuscated JavaScript file named paypalTransactionDetails.jpeg.js is loaded onto the computer. When it is opened, the Chthonic banking Trojan, one of the malware variants of Zeus, is downloaded to the device. Once on the system, the Trojan communicates with the C&C server and downloads a previously unknown piece of malicious software, AZORult.

PayPal's funds request service allows a note to be attached to the request, in which an attacker can place a personal message or a malicious link. "Here there is a double scheme: the user may become a victim of fraud and lose $100, or have a banking Trojan downloaded to their computer, or both," the Proofpoint experts said.

The scale of the malicious campaign is quite small. According to the researchers, the malicious link was followed only 27 times. The experts have already informed PayPal about the problem.
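Added example, not part of the original post or of Proofpoint's report: the lure described above depends on a script hiding behind an image extension (paypalTransactionDetails.jpeg.js), so this sketch flags downloads whose name ends in a passive-content extension followed by a script extension. The log format, the extension lists and the example.test hosts are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Extensions that Windows Script Host or mshta runs on double-click.
SCRIPT_EXTS = {"js", "jse", "vbs", "vbe", "wsf", "hta"}
# Extensions users read as passive content: the decoy half of the name.
DECOY_EXTS = {"jpeg", "jpg", "png", "gif", "pdf", "doc", "docx", "xls", "xlsx", "txt"}

# Constructed log format (assumption): time client method url filename="..."
LOG_RE = re.compile(r'^(\S+) (\S+) \S+ \S+ filename="([^"]*)"$')

# Constructed sample lines; hosts and addresses are placeholders.
SAMPLE_LOG = """\
2016-07-28T10:02:11Z 10.0.0.15 GET http://files.example.test/pp.php filename="paypalTransactionDetails.jpeg.js"
2016-07-28T10:03:40Z 10.0.0.22 GET http://cdn.example.test/a filename="holiday.jpeg"
2016-07-28T10:04:02Z 10.0.0.22 GET http://cdn.example.test/b filename="jquery.min.js"
2016-07-28T10:05:19Z 10.0.0.31 GET http://files.example.test/c filename="Invoice.PDF%20.VBS%20"
truncated line without a filename field
""".splitlines()


def masquerade(filename):
    """Return (decoy_ext, script_ext) when a name ends in <decoy>.<script>, else None."""
    # Decode %XX escapes and drop trailing dots/spaces, which Windows ignores.
    name = unquote(filename).rstrip(". ").lower()
    parts = [p.strip() for p in name.split(".")]
    if len(parts) >= 3 and parts[-1] in SCRIPT_EXTS and parts[-2] in DECOY_EXTS:
        return parts[-2], parts[-1]
    return None


def scan(lines):
    """Return (time, client, filename, decoy, script) for each masquerading download."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        when, client, fname = m.groups()
        verdict = masquerade(fname)
        if verdict:
            hits.append((when, client, unquote(fname).strip(), *verdict))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Legitimate names such as jquery.min.js pass because the part before the script extension is not a decoy type; the same check can be applied to mail attachment names.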