PayPal Vulnerability Allows Hackers to Steal All Your Money

Status
Not open for further replies.
sinu

Thread author
A critical security vulnerability has been discovered in the eBay-owned global e-commerce business PayPal that could allow attackers to steal your login credentials, and even your credit card details in unencrypted format.
As it sounds, the domain is used to conduct secure online payments when purchasing from any online shopping website. It enables buyers to pay with their payment cards or PayPal accounts, eliminating the need to store sensitive payment information.

However, it is possible for an attacker to set up a rogue online store or hijack a legitimate shopping website, to trick users into handing over their personal and financial details.
Here's what the researcher calls the worst attack scenario:

  • An attacker needs to set up a rogue shopping site or hijack any legitimate shopping site
  • Now modify the "CheckOut" button with a URL designed to exploit the XSS vulnerability
  • Whenever PayPal users browse the malformed shopping website and click on the "CheckOut" button to pay with their PayPal account, they'll be redirected to the Secure Payments page
  • The page actually displays a phishing page where the victims are asked to enter their payment card information to complete the purchase
  • Now on clicking the Submit Payment button, instead of paying the product price (let's say $100), the PayPal user will pay the attacker an amount of the attacker's choice
 