Spreading viruses through email spam is nothing new. Most malware campaigns mimic legitimate services to get users to click on a malicious link and get infected. It is rare, however, for email sent from a legitimate source to carry malware. That is exactly what happened to PayPal recently. The attack was reported by Proofpoint.
How Did Chthonic Spread?
The crooks spreading the Chthonic variant of the Zeus banking trojan used a legitimate PayPal email address to deliver a malicious link. They abused PayPal's money-request service: a money request can include a free-text message, and that message is where the crooks smuggled in the URL. Because the email really came from PayPal, it is almost impossible to distinguish the infected messages from real ones. Once clicked, the link downloaded a malicious JavaScript file named “paypalTransactionDetails.jpeg.js” (note the double extension, which makes a script look like an image) that installed the Chthonic trojan. Chthonic was in turn reported to download a module called AZORult, whose purpose is still unknown.
The Scale of the PayPal Attack Was Small
Proofpoint reports that the malicious link was clicked 27 times, which is a small number for a malware campaign. While that is good news, the troubling part of the story is that neither Google nor PayPal detected the malware before the messages had already reached users. It goes to show that even big companies are not immune to crafty attacks. Always be careful before clicking on anything sent by email.
Email Spam Campaigns and Viruses
The tactic used by the Chthonic campaign is rather unconventional, as most malware campaigns merely mimic big companies without hijacking their legitimate email services. The most common way of spreading malware is to disguise malicious emails so they appear to come from well-known companies such as Microsoft or, indeed, PayPal. These emails often carry an urgent-sounding subject line such as “Your account has expired”, “There was an unauthorized transaction” or “Your computer is at risk.” While this is also a dangerous trick, it is much easier to tell such fakes apart from real messages, because they are not sent from the legitimate email address of the company they claim to be from. You can check a link by hovering your mouse cursor over it without clicking: a small tooltip will show the URL the link actually points to. If it looks shady or does not match the text of the link, don't click it. Another email trick is the tech support scam. Again, the crooks send emails that resemble those of a legitimate service and try to trick people into doing something harmful, typically paying money to fix a fictitious problem. User vigilance can eliminate most of these risks. If that fails, you can try to remove the infection by following an anti-malware / anti-PUP removal guide.
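The two warning signs described on this page (a link whose visible text names one domain while the underlying URL points somewhere else, and a download with a disguised double extension such as “.jpeg.js”) can be checked automatically rather than by hovering over every link. The following is an added example, not code from the article or from Proofpoint or PayPal: a small Python scanner that extracts the links from an HTML email body and reports those findings. The sample email is constructed for the example; the malicious hostname in it is a placeholder, and only the filename is taken from the article.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Disguised download: a harmless-looking extension followed by a script/executable one.
DOUBLE_EXT = re.compile(r"\.(jpe?g|png|gif|pdf|docx?|xlsx?|txt)\.(js|exe|scr|vbs|bat|cmd|hta)$", re.I)

# Something that looks like a domain name inside the visible link text.
DOMAIN_IN_TEXT = re.compile(r"([a-z0-9-]+\.)+[a-z]{2,}")


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Crude 'last two labels' approximation of the registrable domain
    (does not handle suffixes like co.uk; good enough for this illustration)."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def check_link(href, text):
    """Return a list of human-readable findings for one link (empty = nothing suspicious)."""
    findings = []
    parsed = urlparse(href)
    host = parsed.hostname or ""

    # 1. Visible text names a domain that differs from where the link really goes.
    m = DOMAIN_IN_TEXT.search(text.lower())
    if m and registrable(m.group(0)) != registrable(host):
        findings.append(f"link text shows {m.group(0)!r} but points to {host!r}")

    # 2. The URL path ends in a double extension that disguises a script as a document/image.
    filename = parsed.path.rsplit("/", 1)[-1]
    if DOUBLE_EXT.search(filename):
        findings.append(f"double-extension download {filename!r}")

    # 3. Plain HTTP (or a non-web scheme) where a payment provider would use HTTPS.
    if parsed.scheme != "https":
        findings.append(f"non-HTTPS scheme {parsed.scheme!r}")

    return findings


def scan_email(html):
    """Scan an HTML email body; returns [(href, text, findings), ...] in document order."""
    parser = LinkExtractor()
    parser.feed(html)
    return [(href, text, check_link(href, text)) for href, text in parser.links]


# Constructed sample: one legitimate link and one lure in the style described above.
SAMPLE_EMAIL = """
<p>You have received a money request.</p>
<p><a href="https://www.paypal.com/myaccount">View request</a></p>
<p>Transaction details: <a href="http://paypal-secure.example/paypalTransactionDetails.jpeg.js">www.paypal.com</a></p>
"""

if __name__ == "__main__":
    for href, text, findings in scan_email(SAMPLE_EMAIL):
        status = "OK" if not findings else "SUSPICIOUS"
        print(f"[{status}] {text!r} -> {href}")
        for f in findings:
            print("    -", f)
```

The first link passes all three checks; the second trips every one of them. In a real mail gateway the same three checks would feed a score rather than a hard block, since marketing mail frequently puts one brand's domain in link text while routing through a tracking host.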