PayPal accounts being used for Chthonic Trojan

To get around ransomware and other trojan detection methods, cyber criminals have turned to PayPal, using its money request feature to distribute the Chthonic Trojan.

Global security vendor Proofpoint says the message from PayPal is legitimate – it is a “You’ve got a money request” that comes from PayPal. The sender does not appear to be faked: instead, the spam is generated by registering with PayPal (or using stolen accounts) and then using the portal to request money.

Email clients like Gmail and others don’t block legitimate PayPal emails, because they are not spoofed. The malicious URL is included in a legitimate-looking note that purports to provide proof of the transaction request.

Clicking on the link has two effects – it debits your account for $100, and it infects your Windows system with the Chthonic Trojan.

Proofpoint researchers also noticed that Chthonic would download another module called AZORult. At this time, there are no details on what this module does, and Proofpoint researchers are still investigating its code.

Kevin Epstein, Proofpoint’s vice-president, threat operations, said, "This isn't the first time that we've seen threat actors use legitimate services to distribute malware. However, this attack is carefully engineered to not just bypass traditional defences because the messages come from PayPal but also to trick users into paying and clicking through malicious links.

"These kinds of threats are difficult to catch at the client level. Instead, organisations need to be able to dynamically scan URLs at the network/email gateway and detect communication with command and control infrastructure. Of course, user training should come into play as well."
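Because the sender in this campaign is genuine, the useful gateway check is on the links embedded in the money request note rather than on the From header. The following is an added illustration, not code from Proofpoint or from the article; the sample message, the trusted-host list and the placeholder domains are constructed for the example.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Hosts a genuine PayPal money request is expected to link to (assumption for
# this example; a real gateway policy would carry a vetted list).
TRUSTED_HOSTS = {"paypal.com", "www.paypal.com"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed sample: a money request notification whose sender is genuine
# but whose free-text note carries an unrelated link (placeholder host).
SAMPLE_EMAIL = """\
From: service@paypal.com
To: victim@example.org
Subject: You've got a money request
Content-Type: text/plain; charset=utf-8

Someone has requested $100.00 USD.
Note from the sender: Proof of the transaction is attached here:
http://invoice-proof.example.net/receipt.doc
View the request at https://www.paypal.com/myaccount/transfer/request
"""


def host_is_trusted(url: str) -> bool:
    """True only for the trusted hosts or their subdomains (not look-alikes)."""
    host = urlparse(url).hostname or ""
    return host in TRUSTED_HOSTS or any(host.endswith("." + h) for h in TRUSTED_HOSTS)


def flag_untrusted_links(raw: str) -> list[str]:
    """Return URLs in the message body whose host is outside the trusted set.

    The From header is deliberately not used as a trust signal: in this
    campaign it is genuine, so only the embedded URLs give the message away.
    """
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    return [u for u in URL_RE.findall(text) if not host_is_trusted(u)]


if __name__ == "__main__":
    for url in flag_untrusted_links(SAMPLE_EMAIL):
        print("untrusted link in PayPal note:", url)
```

A flagged URL is the point at which a gateway would sandbox or rewrite the link, which is the dynamic scanning Epstein refers to.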

While the campaign is low intensity at this stage, it appears that we cannot trust any organisation that communicates via email – that bodes well for Australia Post and the humble, not so cheap, letter or Telstra and faxes!







Ray Shaw


Ray Shaw ray@im.com.au has had a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT-based radio program on ABC radio for 10 years, has developed world-leading software for the events industry and is smart enough to no longer own a retail computer store!

