By Dancho Danchev
Cybercriminals are currently spamvertising millions of emails impersonating PayPal, in an attempt to trick PayPal users into executing the malicious attachment found in the emails.
Using ‘Notification of payment received’ subjects, the campaign relies on end users’ gullibility in an attempt to infect them with malware. Once executed, the malware grants a malicious attacker complete control over the victim’s PC.
Sample screenshot of the spamvertised email:
The malware sample (MD5: 9c2f2cabf00bde87de47405b80ef83c1) is detected by 33 out of 42 antivirus scanners as Backdoor.Win32.Androm.fm; Worm:Win32/Gamarue.
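A mail-gateway triage check built from the two indicators this post gives, the subject line and the attachment MD5, as an added example that is not Webroot's code. The function names, verdict labels and sample message are assumptions constructed for illustration.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators taken from the post above.
CAMPAIGN_SUBJECT = "notification of payment received"
CAMPAIGN_MD5 = frozenset({"9c2f2cabf00bde87de47405b80ef83c1"})


def triage_message(raw: bytes, known_md5=CAMPAIGN_MD5) -> dict:
    """Check one raw RFC 5322 message against the campaign indicators."""
    msg = message_from_bytes(raw, policy=policy.default)
    # policy.default decodes RFC 2047 encoded-word subjects for us.
    subject = str(msg.get("Subject", ""))
    # Collapse whitespace so folded or padded subjects still match.
    subject_hit = CAMPAIGN_SUBJECT in " ".join(subject.lower().split())

    attachments = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        digest = hashlib.md5(data).hexdigest()
        attachments.append({
            "filename": part.get_filename() or "(unnamed)",
            "md5": digest,
            "known_bad": digest in known_md5,
        })
    hash_hit = any(a["known_bad"] for a in attachments)
    # Hash match is conclusive; subject plus any attachment only warrants review.
    verdict = "block" if hash_hit else "review" if subject_hit and attachments else "pass"
    return {"subject_hit": subject_hit, "attachments": attachments, "verdict": verdict}


def build_sample(subject: str, payload: bytes) -> bytes:
    """Constructed test message; the attachment bytes are harmless filler."""
    m = EmailMessage()
    m["From"] = "service@example.invalid"
    m["To"] = "user@example.invalid"
    m["Subject"] = subject
    m.set_content("You received a payment. See the attached file.")
    m.add_attachment(payload, maintype="application", subtype="octet-stream",
                     filename="payment.zip")
    return m.as_bytes()


if __name__ == "__main__":
    sample = build_sample("Notification of payment received", b"constructed filler")
    print(triage_message(sample))
```

A single MD5 only matches that exact file, so the subject-based `review` verdict is what catches repacked attachments from the same campaign.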
This isn’t the first time that we’ve profiled PayPal themed malicious campaigns. Go through the following posts to catch up with some of our research regarding related campaigns:
- Spamvertised ‘PayPal has sent you a bank transfer’ themed emails lead to Black Hole exploit kit
- Spamvertised ‘Your Paypal Ebay.com payment’ emails serving client-side exploits and malware
- Spamvertised ‘Confirm PayPal account’ notifications lead to phishing sites
- Spamvertised ‘Your Ebay funds are cleared’ themed emails lead to Black Hole exploit kit
Webroot SecureAnywhere users are proactively protected from this threat.