Wednesday, 27 July 2016 10:44

PayPal accounts being used for Chthonic Trojan


To get around ransomware and other trojan detection methods, cyber criminals have turned to PayPal, using its money request transfer system to distribute the Chthonic Trojan.

Global security vendor Proofpoint says the message from PayPal is legitimate – it is a “You’ve got a money request” email that comes from PayPal. The sender does not appear to be faked: instead, the spam is generated by registering with PayPal (or using stolen accounts) and then using the portal to request money.

Email clients such as Gmail don’t block legitimate PayPal emails – because they are not spoofed. The malicious URL is included in a kosher-looking note that purports to provide proof of the transaction request.

Clicking on the link has two effects – it debits your account for $100, and it infects your Windows system with the Chthonic Trojan.

Proofpoint researchers also noticed that Chthonic would download another module called AZORult. At this time, there are no details on what this module does, and Proofpoint researchers are still investigating its code.

Kevin Epstein, Proofpoint’s vice-president, threat operations, said, "This isn't the first time that we've seen threat actors use legitimate services to distribute malware. However, this attack is carefully engineered to not just bypass traditional defences because the messages come from PayPal but also to trick users into paying and clicking through malicious links.

"These kinds of threats are difficult to catch at the client level. Instead, organisations need to be able to dynamically scan URLs at the network/email gateway and detect communication with command and control infrastructure. Of course, user training should come into play as well."

While the campaign is low intensity at this stage, it appears that we cannot trust any organisation that communicates via email – that bodes well for Australia Post and the humble, not so cheap, letter or Telstra and faxes!
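Because the sender checks pass for these messages, a gateway rule has to look at where the links in the body lead instead. The sketch below is an added example, not Proofpoint's tooling or anything from the original article: for mail that authenticates as PayPal, it returns every link that leaves PayPal's domains so it can be handed to a dynamic URL scanner. The domain allowlist, the `Authentication-Results` stamping and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: domains PayPal's own notification links use (illustrative allowlist).
PAYPAL_DOMAINS = ("paypal.com", "paypalobjects.com")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def is_paypal_host(host):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in PAYPAL_DOMAINS)

def leaves_paypal(url):
    try:
        return not is_paypal_host(urlsplit(url).hostname)
    except ValueError:  # malformed authority: treat as untrusted
        return True

def body_text(msg):
    # Concatenate every text/* part, decoding transfer encodings.
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def urls_needing_scan(raw_message):
    """For mail that authenticates as PayPal, return links that leave PayPal's domains."""
    msg = message_from_string(raw_message)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    # Assumption: the gateway stamped its own DKIM verdict and stripped inbound copies.
    authenticated = "dkim=pass" in msg.get("Authentication-Results", "").lower()
    if not (authenticated and is_paypal_host(sender_domain)):
        return []  # spoofed or unrelated mail is left to the gateway's other rules
    urls = (u.rstrip(".,;:)!?]") for u in URL_RE.findall(body_text(msg)))
    return sorted({u for u in urls if leaves_paypal(u)})

# Constructed sample: a money request whose free-text note carries an outside link.
SAMPLE = """\
From: service@paypal.com
Subject: You've got a money request
Authentication-Results: mx.example.org; dkim=pass header.d=paypal.com

Someone sent you a money request for $100.00 USD.
Note from sender: proof of the transaction is at http://files.example.test/receipt.png.
View the request: https://www.paypal.com/myaccount/transfer
"""
```

Running `urls_needing_scan(SAMPLE)` returns only the link in the note, while the link back to PayPal is ignored.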



Ray Shaw


Ray Shaw has had a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!


