ZDNet: PayPal users have been affected by mysterious charges on their accounts linked via Google Pay. Unauthorized payments range from €1,73 to over €1800 and, interestingly, the majority of victims appear to be from Germany.
PayPal users have been affected by mysterious charges on their accounts linked via Google Pay. The issue has been reported on numerous platforms including PayPal’s and Google Pay’s support forums, Reddit, and Twitter, according to Cyber Security Help. Victims report that their Google Pay accounts are being used to make unauthorized purchases, with most of these transactions being charged through US stores, such as Target or Starbucks. The transactions range from €1,73 to over €1800 and, interestingly, the majority of victims appear to be from Germany. Currently, it’s not clear what bug the fraudsters are exploiting. PayPal told ZDNet they are investigating the issue. A Google spokesperson did not return a request for comment before the article’s publication.
Cyber security experts: the illegal transactions appear to be similar to a bug reported in February 2019, which PayPal did not prioritize fixing. The issue arises when you link a PayPal account to a Google Pay one.
German cyber security researcher Markus Fenske claimed these illegal transactions appear to be similar to a bug he and fellow security researcher Andreas Mayer reported to PayPal in February 2019, but which PayPal did not prioritize fixing. Fenske told ZDNet that the issue stems from the fact that when you link a PayPal account to a Google Pay account, PayPal creates a virtual card, complete with its own card number, expiration date, and CVC. When a Google Pay user chooses to make a contactless payment using funds from their PayPal account, the transaction is charged via this virtual card. Fenske believes hackers found a way to discover the details of these virtual cards and are using them for unauthorized transactions online. This could happen in three ways: by reading the card details from a user’s phone or screen; programmatically, by using malware on the user’s device; or by guessing them.
PayPal’s statement
“We never lose sight of the fact that we are entrusted to look after people’s money,” PayPal stated. “The security of customer accounts is a top priority for the company. We use advanced fraud and risk management tools to keep our customers and their payments safe. We quickly addressed and fixed this issue, which affected a very small number of PayPal customers using Google Pay in Germany. No personal, financial information was compromised, and no PayPal account was accessed by third parties”. However, “in line with our normal policy, PayPal will refund any unauthorized transactions to customers affected”.