PayPal ‘Notification of payment received’ themed emails serve malware

By Dancho Danchev

Sticking to their proven tactic of systematically rotating the impersonated brands, cybercriminals are currently spamvertising millions of emails impersonating PayPal, in an attempt to trick its users into downloading and executing the malicious attachment found in the legitimate-looking email.

More details:

Screenshot of the spamvertised email:

Detection rate for the malicious archive: MD5: 9c2f2cabf00bde87de47405b80ef83c1 – detected by 39 out of 43 antivirus scanners as

Once executed, the sample opens a backdoor on the infected host, giving the cybercriminals complete control over it.

Go through related analyses of spamvertised malicious campaigns impersonating PayPal:

Webroot SecureAnywhere users are proactively protected from these threats.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.

5 thoughts on “PayPal ‘Notification of payment received’ themed emails serve malware”

  1. Why can't these people who are so smart with these computers put it to good use? Guess they never read the 10 commandments: thou shalt not steal. Let God judge them, I can't, but I wish they could change their way. Scotty

    • Malware is close to a billion dollar a year industry; they can make more money with a successful malware campaign in 1 week than they can make in a year. That's the motivation for them.

      Some groups do it to point out the flaws in companies' security policies, which is helpful to the company to prevent future attacks. But if the company spent the right amount of money in the first place to set up a good security environment, they would never be in the news.

    • It’s because of greed and selfishness, which can be a stronger motivator than keeping the 10 commandments.

  2. Pingback: Fake PayPal Emails Distributing Malware - Digital Forensics — Digital Forensics

  3. Pingback: ‘PayPal Account Modified’ themed emails lead to Black Hole Exploit Kit « Webroot Threat Blog – Internet Security Threat Updates from Around the World
