Legit PayPal Email Contains Malicious Link

PayPalPhishing has gone to a whole new level as cybercriminals have started sending emails from legitimate PayPal accounts with fake money requests and links to malicious websites.

Most likely using compromised PayPal email accounts, the enterprising hackers are getting unsuspecting victims to send them money.  Just as bad or worse, however, is the link in the email.

The link is masked behind a goo.gl link shortener and redirects victims to a website that infects their computer with the Chthonic banking trojan, a variant of the Zeus banking trojan, which steals banking information through a secretly installed keylogger.  So not only can recipients be fooled into giving the hackers money, they can also have their bank login information stolen.

On the upside, the link only seems to have been clicked a couple dozen times or so as of this writing, which tells us that the con is not yet very widespread, meaning it hasn’t been automated yet.  It is, however, a new cyberthreat to be wary of.  No longer is it safe to simply make sure an email is coming from who it purports to be.