Multiple users have reported on social media unusual activity in their PayPal accounts. According to cybersecurity specialists, the reports concern unauthorized transactions issued to or from users’ accounts and recorded in the account history as if they originated from their Google Pay profiles.
A group of threat actors is apparently behind this incident. These hackers are believed to have exploited the integration between PayPal and Google Pay, a feature used to link both accounts and create a virtual card. Users can make payments using this card, and PayPal does not ask for additional authorization to make these transactions.
According to cybersecurity specialists, there are at least three ways attackers could have accessed information on these virtual cards:
- Accessing card details from users’ devices
- Using a malware variant to steal information from devices
- Using brute force attacks
In a statement, PayPal said that it was aware of the situation, although for now the company cannot reveal further details, as the authorities have already begun to investigate the incident.
The researchers also mentioned that most of the reports related to this incident originate in Germany. One of the affected users in that country even suggests that this incident could be related to a known vulnerability in PayPal that would allow access to this confidential information to perform unauthorized transactions. “PayPal allows ‘contactless’ payments through Google Pay. If this feature is configured, virtual card details can be accessed from a smartphone, without authentication. That’s why virtually anyone near a smartphone with this feature enabled could access the virtual card details, extracting credit from the victim’s PayPal account,” says the user.
Cybersecurity experts believe this is indeed possible, although there has been no official confirmation. According to the International Institute of Cyber Security (IICS), PayPal has begun to verify all transactions possibly made due to this incident, so users expect to be able to recover their assets.