Malware spread through PayPal

July 30, 2016

Researchers at Proofpoint have discovered a malicious campaign that abuses the PayPal payment service to spread the Chthonic banking malware. The attackers use hacked or newly registered accounts to send e-mail messages that look as if they came from the service's staff, asking the recipient to return money that was supposedly sent to their account by mistake.

The message claims that $100 was transferred to the recipient's account by mistake and must be returned. Attached to the message is a link that supposedly leads to a screenshot confirming the details of the erroneous transaction. In reality the link redirects the user to the page “katyaflash[.]com/pp.php”, from which a JavaScript file named “paypalTransactionDetails.jpeg.js” is downloaded to the computer. Opening it downloads the Chthonic banking malware, a variant of Zeus. Chthonic then contacts its C&C server, and a previously unknown malware family, AZORult, appears on the machine.
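The chain above hinges on a JavaScript file disguised with a double extension (`.jpeg.js`), so a recipient sees what looks like an image. The following is an added example, not code from the article or from Proofpoint, of a small Python check that flags such deceptive filenames in web-proxy logs. The log format, the client addresses and every host name are constructed for the example; only the `paypalTransactionDetails.jpeg.js` filename is taken from the article.

```python
import re
from urllib.parse import urlparse, unquote

# Extensions a recipient expects to be inert media or documents.
DECOY_EXTENSIONS = {"jpeg", "jpg", "png", "gif", "bmp", "pdf", "doc", "docx", "xls", "txt"}
# Extensions Windows hands to a script host or loader on double-click.
EXECUTABLE_EXTENSIONS = {"js", "jse", "vbs", "vbe", "wsf", "wsh", "hta", "exe", "scr", "bat", "cmd", "ps1"}

# Constructed proxy log lines in a hypothetical "timestamp client method url" format.
# Hosts and addresses are placeholders; the .jpeg.js filename is the one the article reports.
SAMPLE_LOG = """\
2016-07-30T09:58:02Z 10.1.4.22 GET http://mail.example.net/inbox
2016-07-30T09:58:40Z 10.1.4.22 GET http://landing.example.invalid/pp.php
2016-07-30T09:58:41Z 10.1.4.22 GET http://landing.example.invalid/paypalTransactionDetails.jpeg.js
2016-07-30T10:01:13Z 10.1.4.37 GET http://files.example.org/invoice.pdf
2016-07-30T10:03:55Z 10.1.4.37 GET http://files.example.org/backup.tar.gz
2016-07-30T10:05:09Z 10.1.4.51 GET http://cdn.example.com/holiday%20photo.jpg.exe
"""

LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)$")


def filename_from_url(url: str) -> str:
    """Return the percent-decoded last path segment of a URL (empty if none)."""
    return unquote(urlparse(url).path.rsplit("/", 1)[-1])


def is_deceptive_double_extension(filename: str) -> bool:
    """True when a decoy extension is immediately followed by an executable one.

    'backup.tar.gz' is not flagged (gz is not executable); 'photo.jpg.exe' is.
    """
    parts = filename.lower().split(".")
    if len(parts) < 3:
        return False
    return parts[-2] in DECOY_EXTENSIONS and parts[-1] in EXECUTABLE_EXTENSIONS


def flag_downloads(log_text: str):
    """Parse log lines and return (timestamp, client, filename) for suspicious downloads."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected format
        name = filename_from_url(m.group("url"))
        if is_deceptive_double_extension(name):
            hits.append((m.group("ts"), m.group("client"), name))
    return hits


if __name__ == "__main__":
    for ts, client, name in flag_downloads(SAMPLE_LOG):
        print(f"{ts} {client} downloaded suspicious file {name}")
```

Run against the constructed log, the check reports the `.jpeg.js` download and the `.jpg.exe` one while leaving `invoice.pdf` and `backup.tar.gz` alone. In a real deployment the same predicate would be applied to the `Content-Disposition` filename as well as the URL path, since the two need not agree.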

PayPal's money request feature lets the sender attach a message, and attackers use it to insert personal details or a malicious link. This gives them two ways to profit: the user may fall for the request and pay the $100, or may download the malware onto the computer.

The impact so far has been limited: according to the analysis, the link was clicked 27 times. PayPal has already been informed.

