On a daily basis, largely thanks to the efficiency-centered malicious campaigns circulating in the wild, cybercriminals get access to tens of thousands of accounting credentials across multiple Web properties, and most disturbingly, online payment processing services like PayPal.
We’ve recently spotted a newly launched underground E-shop that’s exclusively selling access to hacked PayPal accounts. How much does it cost to purchase a hacked PayPal account on the underground marketplace these days? What pricing method is the cybercriminal behind the service using, and does the newly launched E-shop share any similarities with the E-shop selling access to hacked PayPal accounts that we profiled in 2012?
Financial institutions and online payment processors are a common target for cybercriminals, who systematically brand-jack and abuse the reputation of their trusted brands, in an attempt to scam or serve malware to their customers.
Over the past 24 hours, cybercriminals have launched yet another spam campaign, impersonating PayPal, in an attempt to trick its users into thinking that they’ve received a “Transaction Confirmation“, which in reality they never really made. Once users click on any of the links found in the malicious emails, they’re exposed to the client-side exploits served by the Black Hole Exploit Kit.
Over the past 24 hours, cybercriminals have launched yet another massive spam campaign, this time impersonating both eBay and PayPal, in an attempt to trick their users into clicking on the client-side exploits and malware serving links found in the malicious emails.
A cybercriminal/group of cybercriminals that’s been responsible for a series of malware attacks that I’ve been recently profiling, continues to systematically rotate the impersonated brands and the actual malicious payload dropped by the market leading Black Hole Exploit Kit. The prospective target of their latest campaign? PayPal users.
Sticking to their proven tactic of systematically rotating the impersonated brands, cybercriminals are currently spamvertising millions of emails impersonating PayPal, in an attempt to trick its users into downloading and executing the malicious attachment found in the legitimate looking email.
Largely relying on sophisticated and legitimate-looking phishing campaigns, next to active data mining of a botnet’s infected population, today’s cybercriminals are in a perfect position to monetize these fraudulently obtained assets in the form of compromised accounts.
In this post I’ll profile a newly launched cybercrime-friendly E-shop selling access to compromised accounts belonging primarily to PayPal users, but also, compromised accounts belonging to Apple, Walmart, Ebay and Skype users.
Cybercriminals are currently spamvertising millions of emails impersonating PayPal, in an attempt to trick PayPal users into executing the malicious attachment found in the emails.
Using ‘Notification of payment received‘ subjects, the campaign is relying on the end user’s gullibility in an attempt to infect them with malware. Once executed, it grants a malicious attacker complete control over the victim’s PC.
Sticking to their well proven social engineering tactics consisting of systematic rotation of the abused brands, cybercriminals are currently spamvertising millions of emails impersonating PayPal, in an attempt to trick end and corporate users into interacting with the malicious campaign.
Once the interaction takes place, users are exposed to the client-side exploits served by the Black Hole exploit kit, currently the market share leader within the cybercrime ecosystem.
Cybercriminals are currently mass mailing millions of emails impersonating eBay and PayPal in an attempt to trick end and corporate users into clicking on the malicious links found in the emails. Upon clicking on any of them, user are exposed to the client-side exploits served by the Black Hole exploit kit.
PayPay users, beware! Phishers have just started spamvertising hundreds of thousands of legitimately-looking PayPal themed emails, in an attempt to trick users into entering their accounting data on the fraudulent web site linked in the emails.