Sticking to their proven tactic of systematically rotating the impersonated brands, cybercriminals are currently spamvertising millions of emails impersonating PayPal, in an attempt to trick its users into downloading and executing the malicious attachment found in the legitimate looking email.
Screenshot of the spamvertised email:
Detection rate for the malicious archive: MD5: 9c2f2cabf00bde87de47405b80ef83c1 – detected by 39 out of 43 antivirus scanners as Backdoor.Win32.Androm.fm. Once executed, the sample opens a backdoor on the infected host, allowing cybercriminals to gain complete control over the infected host.
Go through related analyses of spamvertised malicious campaigns impersonating PayPal:
- Spamvertised ‘PayPal has sent you a bank transfer’ themed emails lead to Black Hole exploit kit
- Spamvertised ‘Confirm PayPal account” notifications lead to phishing sites
- Spamvertised ‘Your Paypal Ebay.com payment’ emails serving client-side exploits and malware
- Cybercriminals spamvertise PayPay themed ‘Notification of payment received’ emails, serve malware
Webroot SecureAnywhere users are proactively protected from these threats.