Security firm Webroot has identified an underground shop that’s selling access to over 1,500 PayPal accounts. Most of the compromised accounts belong to users from the United States.
The cybercriminals who sell the information provide potential buyers with information such as account holder’s first name, selling price, account type, balance, and if the associated credit card and bank account are confirmed or not.
For instance, a verified account with a balance of $3 (2 EUR) with the card and the bank confirmed is sold for $3 (2EUR). For $20 (15 EUR), anyone can purchase a verified “premier” account with a balance of $337 (252 EUR).
“What’s particularly interesting regarding this E-shop is the fact that the cybercriminal behind it tried to come up with a value-added service, in this case a built-in Socks5 proxy checker, to be used when interacting with the hacked PayPal accounts for greater anonymity,” Webroot’s Dancho Danchev explained.
The servers are apparently compromised hosts used as anonymization proxies that help cybercriminals avoid being tracked down too easily.