Chthonic banking trojan is distributed via legitimate PayPal accounts

Spammers constantly need sophisticated ideas to bypass widely deployed anti-spam solutions. Researchers from Proofpoint have discovered a very interesting attack vector for delivering malware. Although it is not widely used yet, it definitely raises some concerns.

The criminals abused the legitimate PayPal “Request money” functionality to bypass anti-spam protection mechanisms and successfully deliver malicious links to victims’ mailboxes. For this purpose they registered new PayPal accounts or used stolen ones to send money requests to victims. PayPal allows an arbitrary message to be added to such requests.

The user may fall victim to the scam and actually pay the requested $100. In addition, the link to goo.gl leads to a website that installs the Chthonic banking trojan. The malware is downloaded from the following hosts; we suggest blocking access to them:

  • katyaflash.com
  • wasingo.info
  • kingstonevikte.com
  • www.viscot.com
  • 91.215.154.202
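
Because these requests are sent by PayPal itself, a filter has to look at the links inside the message rather than at the sender. The sketch below is an added example, not code from Proofpoint or PayPal: it reviews a message from a paypal.com sender and flags links to the hosts listed above or to the goo.gl shortener. The function names, the `TRUSTED` set and the sample message (including its sender address) are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Hosts the article lists as malware download locations.
BLOCKED = {"katyaflash.com", "wasingo.info", "kingstonevikte.com",
           "viscot.com", "91.215.154.202"}
SHORTENERS = {"goo.gl"}   # shortener named in the article
TRUSTED = {"paypal.com"}  # assumption: sender domain that puts a message in scope
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def in_set(host, names):
    # Exact match or subdomain, so www.viscot.com matches viscot.com.
    return any(host == n or host.endswith("." + n) for n in names)

def body_text(msg):
    # Collect every text part, decoding transfer encodings and charsets.
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            parts.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)

def review_money_request(raw_message):
    """Return (reason, url) findings for mail sent from a paypal.com address."""
    msg = message_from_string(raw_message)
    m = re.search(r"@([a-z0-9.-]+)>?\s*$", msg.get("From", "").lower())
    if not m or not in_set(m.group(1), TRUSTED):
        return []  # out of scope: other senders go through normal filtering
    findings = []
    for url in URL_RE.findall(body_text(msg)):
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
        if in_set(host, BLOCKED):
            findings.append(("blocked-host", url))
        elif in_set(host, SHORTENERS):
            findings.append(("shortener-in-note", url))
    return findings

# Constructed sample, not a captured message.
SAMPLE = """\
From: "PayPal" <service@paypal.com>
To: user@example.org
Subject: Money request (constructed sample)
Content-Type: text/plain; charset=utf-8

Sender note: please review the details at http://goo.gl/EXAMPLE
Pay or decline at https://www.paypal.com/
"""

if __name__ == "__main__":
    for reason, url in review_money_request(SAMPLE):
        print(reason, url)
```
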