Several security researchers have spotted an increase in malware campaigns distributing the TrickBot banking trojan, going after a host of targets ranging from regular e-banking applications to PayPal accounts and business CRMs.
A PayPal phishing campaign is luring victims to a hacked site where a clone of the PayPal login page is trying to trick users into giving away their PayPal credentials, payment card details, and ... a selfie of the user holding his ID card.
During the past year, Let's Encrypt has issued a total of 15,270 SSL certificates that contained the word "PayPal" in the domain name or the certificate identity. Of these, approximately 14,766 (96.7%) were issued for domains that hosted phishing sites.
Security researchers from Proofpoint have come across a sophisticated phishing kit that automates the process of building and deploying high-end phishing pages, and which is extremely efficient at collecting login credentials and user details from PayPal users.
PayPal engineers have removed a "magic word" that would have allowed an attacker to obtain OAuth secret tokens for -- any -- PayPal application and access customer details.
Security researchers have come across a series of Minecraft money adders that promise to give users free in-game coins, but end up stealing their credentials.