An enterprising cybercriminal has opened an underground shop that peddles access to American PayPal accounts which are then accessible through an anonymous proxy service.
Webroot’s Dancho Danchev claims that the shop currently has access to 1,543 accounts along with an additional 14 sets of PayPal credentials belonging to British citizens.
The prices vary from $20 for an account with a balance of $300 or so, to a static charge of $3 for accounts with no balance at all. However this criminal entrepreneur is establishing his or her prices, it does not appear that account type (premier vs. personal), the presence of confirmed credit cards or bank accounts, or verification status is incorporated into this formula.
However, if potential buyers want to refine their search through the list of compromised accounts because they are only interested in purchasing premier or verified accounts, then they will have to pony up an extra 10 cents each. Buyers can sort by country, state, and city without charge, but refining searches by zip code will cost an additional 20 cents.
What separates this seller from other credential sellers is that these sales are bundled with a Socks5 proxy checker, and not a publicly available one. In this way, the nefarious activity of prospective buyers is tracked to some malware-infected computer acting as a proxy somewhere and not to their actual IP address.
The same cybercriminal stands to gross more by cashing out the PayPal accounts himself or herself. Rather than seeking out the scheme that will earn them the highest profits, though, Danchev notes that online criminals often follow the less profitable business model of flipping access to compromised accounts for seemingly cheap prices because it better protects the long-term security of their operation.