Recent reports reveal that hackers are exploiting a bug in PayPal’s online platform. According to the reports, the vulnerability allows hackers to carry out illegal transactions. The bug is in PayPal’s Google Pay integration, and it allows hackers to order products online and incur unauthorized charges.
The bug and its exploitation were discovered when some PayPal users reported irregularities in their payment history. It appears that most of the affected users are German.
Based on testimonies and various screenshots the victims provided, most of the illegal transactions are carried out at specially target stores.
Some PayPal users have reported a loss of funds from their PayPal accounts. While some users lost a few hundred euros per account, some have reported tens of thousands of euros in a single transaction. In February last year, some security researchers reported the vulnerability to PayPal. However, the online payment platform was not able to fix the bug. Now, PayPal has stated that it’s investigating the situation and would let the public know of its findings as soon as possible.
Users have been noticing irregularities in their transaction history since Friday last week. Some PayPal users contacted PayPal immediately when they started seeing strange transactions appear in their PayPal history through the Google Pay account.
Users have also reported the issues on several platforms, including Twitter, Reddit, PayPal’s forums, as well as both Google’s German and Russian support
A Google spokesman declined to comment on the situation. However, PayPal said it is presently investigating the situation and would clear the air about the attack very soon.
In a message on Twitter, Markus Fenske, a German security researcher, opined that the illegal transactions people have reported over the weekend appear to be related to a bug he pointed out to PayPal barely a year ago. He said he and fellow researcher Andreas Mayer informed PayPal about the bug in February last year. However, it seems the company did not prioritize fixing the bug.
He also revealed that the main problem stems from the fact that when a user links PayPal to a Google Pay account, PayPal generates a virtual card with a different card number, CVC, and expiration date.
According to him, when the user decides to make virtual payments via the PayPal account, the transaction is charged through this virtual card.
“If the virtual card was locked to POS transactions only, there would be no issue, but PayPal allows this virtual card to be used for online transactions,”
He now thinks hackers have found a way to learn the details of the virtual cards, and are using these details for unauthorized online
Fenske said that an attacker could get hold of virtual card details in three different ways. First, they can guess the details. Second, they could use malware that has infected users’ devices. Third, they could read the card details from the user’s screen or phone.
He also added that the CVC is not relevant in the details because any could be
The main information is something the attacker has worked on for a long time. He pointed out that almost a year has passed since he and his fellow researchers reported the vulnerability. That’s enough time for somebody to figure out a lot of things about users’ accounts, and the bug made their job easier.
Fenske and his colleague still insist that even if the details of the attack fit the description of the bug they discovered last year, they are not sure what the main cause of the attack is.
On a similar note, PayPal started its investigation into the situation, especially the unauthorized use of users’ details to pay for goods and services online. The company is still investigating whether there is a connection between last year’s bug and the current one.
A PayPal spokesperson said the main goal of the company is to protect the accounts of its customers. He said the company is reviewing and assessing the situation as well as the information to make sure customers’ best interest is