Cybercriminals are mimicking the online payment processor PayPal in a malicious spam campaign that attempts to dupe customers into downloading malware from links in seemingly authentic emails, according to a Webroot report written by Dancho Danchev.
The piece of malware in use here is a backdoor that, once downloaded, can be used by an attacker to take complete control of the infected host machine. Danchev writes that some 90 percent of antivirus scanners are detecting the download as ‘backdoor.win32.androm.fm.’
The email that Danchev analyzed can be seen below.
This isn’t by the first time PayPal users have been targeted in malicious campaigns. In fact, customers of the payment processor have been a popular target among phishers for years now. For its part, PayPal has done what it can. They implemented a bug bounty program earlier this year and at least try to educate customers about the dangers of social engineering. However, the reality is that it is almost impossible to prevent criminals from imitating their service, so this problem is not likely to go away any time soon.