Androm Malware Attached to Fake PayPal Payment Notifications

Victims are told that they received a few hundred dollars

  Fake PayPal email
A variant of Androm, the piece of malware that has been recently spread with the aid of fake Booking.com and BlackBerry ID emails, has been spotted in another spam campaign. This time, the attackers rely on PayPal’s name and reputation to ensure the success of their campaign.

A variant of Androm, the piece of malware that has been recently spread with the aid of fake Booking.com and BlackBerry ID emails, has been spotted in another spam campaign. This time, the attackers rely on PayPal’s name and reputation to ensure the success of their campaign.

Entitled “Notification of payment received,” the emails inform the recipient that “they’ve got cash.”

“The number above is the buyer’s receipt ID for this transaction. Please retain it for your records so that you will be able to reference this transaction for customer service,” the notification reads.

Unlike other scams in which potential victims are warned that money has been taken from them, in this case they’re informed that someone transferred $208 (€166) to their accounts, Webroot experts note.

For additional details victims are urged to check the attachment, a file that hides Win32.Androm.fm.

As always, we advise users to avoid opening attachments or clicking on links that come in suspicious emails.

Comments