Chthonic banking trojan is distributed via legitimate PayPal accounts

Spammers constantly need sophisticated ideas to bypass widely deployed anti-spam solutions. Researchers from Proofpoint have discovered a very interesting attack vector for delivering malware. Although it is not widely used yet, it definitely raises some concerns.

The criminals abused the legitimate PayPal “Request money” functionality to bypass anti-spam protection mechanisms and successfully deliver malicious links to victims’ mailboxes. For this purpose they registered new PayPal accounts or used stolen ones to send money requests to victims. The PayPal functionality allows an arbitrary message to be added to such requests.

The user may fall victim to the scam and actually pay the requested $100. In addition, the link to goo.gl leads to a website that installs the Chthonic banking trojan. The malware is downloaded from the following hosts, and we suggest blocking access to them:

  • katyaflash.com
  • wasingo.info
  • kingstonevikte.com
  • www.viscot.com
  • 91.215.154.202
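Because these requests arrive from PayPal itself, a filter that trusts the sender lets them through; the check has to look at the links in the user-supplied note. The sketch below is an added example, not code from Proofpoint or PayPal: the sender allowlist, the function names and the sample message are assumptions made for illustration, while the hosts come from the list above.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Hosts listed in the article; goo.gl is the shortener it mentions.
BLOCKED_HOSTS = {"katyaflash.com", "wasingo.info", "kingstonevikte.com",
                 "www.viscot.com", "91.215.154.202"}
SHORTENERS = {"goo.gl"}
TRUSTED_SENDER_DOMAINS = {"paypal.com"}  # assumption: a sender allowlist
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def norm_host(host):
    """Lowercase, drop a trailing dot and a leading 'www.'."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

BLOCKED = {norm_host(h) for h in BLOCKED_HOSTS}

def sender_is_trusted(msg):
    """Weak check: accept the message because of who sent it."""
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    return domain in TRUSTED_SENDER_DOMAINS

def link_findings(msg):
    """Content check: inspect every URL in the text parts, whoever sent it."""
    body = "".join(
        (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for part in msg.walk() if part.get_content_maintype() == "text")
    findings = []
    for url in URL_RE.findall(body):
        try:
            host = norm_host(urlsplit(url).hostname)
        except ValueError:  # malformed URL, nothing to match
            continue
        if host in SHORTENERS:
            findings.append(("shortener", host))
        elif any(host == b or host.endswith("." + b) for b in BLOCKED):
            findings.append(("blocklisted", host))
    return findings

def analyse(raw):
    msg = message_from_string(raw)
    return sender_is_trusted(msg), link_findings(msg)

# Constructed sample, not a captured message.
SAMPLE = ("From: PayPal <service@paypal.com>\nSubject: Money request\n\n"
          "Request for $100.00 USD\nNote: see https://goo.gl/EXAMPLE\n")
print(analyse(SAMPLE))
```

The sample passes the sender check and is still flagged for the shortened link, which is the case a sender-based allowlist misses.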
