Spammers have a constant need for sophisticated ideas to bypass the anti-spam solutions that are already widely deployed. Researchers from Proofpoint have discovered a very interesting attack vector for delivering malware. Although it is not widely used yet, it definitely raises some concerns.
The criminals abused the legitimate PayPal “Request money” feature to bypass anti-spam protection mechanisms and successfully deliver malicious links to victims’ mailboxes. For this purpose they registered new PayPal accounts or used stolen ones to send money requests to victims. PayPal lets the sender attach an arbitrary message to such requests, so the link arrives inside a genuine PayPal notification.
The user may fall victim to the scam and actually pay the requested $100. In addition, the goo.gl link leads to a website that installs the Chthonic banking trojan. The malware is downloaded from the following hosts; we suggest blocking access to them:
- katyaflash.com
- wasingo.info
- kingstonevikte.com
- www.viscot.com
- 91.215.154.202
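The following is an added example (not code from Proofpoint or from this post) of how a mail gateway could triage this lure: it extracts the links from an inbound message, ignores PayPal's own links, and flags money-request notices whose attacker-supplied note carries a shortened or third-party link, blocking outright anything that points at the hosts listed above. The shortener list beyond goo.gl and the three sample messages are constructed assumptions; the goo.gl path in the sample is a placeholder, not a real short code.

```python
import re
from urllib.parse import urlparse

# Hosts named in the post as the Chthonic download points.
BLOCKED_HOSTS = {
    "katyaflash.com",
    "wasingo.info",
    "kingstonevikte.com",
    "www.viscot.com",
    "91.215.154.202",
}

# Public URL shorteners. goo.gl is the one used in the post's lure; the
# others are assumptions, extend them from your own gateway's list.
SHORTENER_HOSTS = {"goo.gl", "bit.ly", "tinyurl.com", "t.co"}

# Links to PayPal itself are expected in a genuine money-request notice.
TRUSTED_SUFFIXES = ("paypal.com",)

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def extract_urls(text):
    """Pull every http(s) URL out of a message body."""
    return URL_RE.findall(text)


def host_of(url):
    """Lowercased hostname of a URL, or '' if it cannot be parsed."""
    return (urlparse(url).hostname or "").lower()


def matches_suffix(host, suffixes):
    """True if host equals one of the suffixes or is a subdomain of one."""
    return any(host == s or host.endswith("." + s) for s in suffixes)


def classify_message(subject, body):
    """Return (verdict, reasons) for one inbound message.

    'block'      - a link points at a listed malware host
    'quarantine' - a PayPal money-request notice carries a shortened or
                   third-party link in its note
    'allow'      - nothing suspicious found
    """
    reasons = []
    text = (subject + " " + body).lower()
    money_request = "paypal" in text and "request" in text

    for url in extract_urls(body):
        host = host_of(url)
        if matches_suffix(host, TRUSTED_SUFFIXES):
            continue  # PayPal's own links are normal in these notices
        if matches_suffix(host, BLOCKED_HOSTS):
            reasons.append(f"known malware host: {host}")
        elif host in SHORTENER_HOSTS:
            reasons.append(f"shortened link: {host}")
        elif money_request:
            reasons.append(f"third-party link in request note: {host}")

    if any(r.startswith("known malware host") for r in reasons):
        return "block", reasons
    if money_request and reasons:
        return "quarantine", reasons
    return "allow", reasons


# Constructed sample messages (not real captures).
SAMPLE_MESSAGES = [
    # Shaped like the campaign: a request with a shortened link in the note.
    ("PayPal: You have a request for money",
     "John Doe requests $100.00.\n"
     "Note: Confirm your purchase here https://goo.gl/EXAMPLE\n"
     "Pay now: https://www.paypal.com/myaccount/transfer/"),
    # A benign-looking request carrying only PayPal links.
    ("PayPal: You have a request for money",
     "Your friend requests $25.00 for dinner.\n"
     "Pay now: https://www.paypal.com/myaccount/transfer/"),
    # A message linking straight to one of the hosts from the post's list.
    ("Invoice attached",
     "Download your invoice: http://katyaflash.com/"),
]


def scan_samples():
    """Verdict for each constructed sample, in order."""
    return [classify_message(s, b)[0] for s, b in SAMPLE_MESSAGES]


if __name__ == "__main__":
    for subject, body in SAMPLE_MESSAGES:
        verdict, reasons = classify_message(subject, body)
        print(f"{verdict:10} {subject!r} {reasons}")
```

The trusted-suffix check is what keeps the rule from flagging every PayPal email: a genuine request only links back to paypal.com, so any other host inside the note is the attacker's contribution and is worth holding for review even before it appears on a blocklist.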