Vulnerability in PayPal could attract hackers
San Francisco, 5/24/2022
A flaw in PayPal could allow threat actors to steal money from user accounts. The vulnerability was discovered by a security researcher.
The researcher claims that hackers could use clickjacking as a method to trick users into clicking buttons that can download malware to their devices.
Clickjacking is a method used to trick users into clicking on buttons that appear normal but are actually created by the hacker, usually as HTML files, with the aim of redirecting their data to the hacker’s own site.
The “Billing Agreements” section in PayPal should only accept billingAgreementToken, but tests have found that another type of token can be passed, resulting in money being stolen from the victim’s PayPal account.
This attack could also affect other websites that use PayPal for payment transactions and allow the attacker to withdraw large amounts of money from users’ PayPal accounts.
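Clickjacking depends on the target page being rendered inside a frame on an attacker-controlled page, so a defender's first check on payment pages is whether they send anti-framing headers. The following is an added example, not code from the article or from PayPal; the function names and header samples are constructed, and the handling of multiple policies is a simplification.

```javascript
// Added example: classify a response's anti-framing headers (constructed samples only).
const RANK = ['none', 'same-origin', 'allowlist', 'any']; // strictest first

// Return the frame-ancestors source list from one CSP policy, or null if absent.
function frameAncestors(policy) {
  for (const directive of policy.split(';')) {
    const [name, ...sources] = directive.trim().toLowerCase().split(/\s+/);
    if (name === 'frame-ancestors') return sources;
  }
  return null;
}

function classifySources(sources) {
  // An empty list matches nothing, the same as 'none'.
  if (sources.length === 0 || (sources.length === 1 && sources[0] === "'none'")) return 'none';
  // A bare wildcard or scheme lets any site (of that scheme) frame the page.
  if (sources.some(s => s === '*' || /^https?:$/.test(s))) return 'any';
  if (sources.every(s => s === "'self'")) return 'same-origin';
  return 'allowlist';
}

// headers: object keyed by lowercase header name.
function framingPolicy(headers) {
  // Comma separates multiple policies; Report-Only headers are not enforced, so not read.
  const policies = (headers['content-security-policy'] || '').split(',');
  const verdicts = policies.map(frameAncestors).filter(s => s !== null).map(classifySources);
  if (verdicts.length > 0) {
    // Every policy must allow the embed; taking the strictest verdict is a simplification.
    verdicts.sort((a, b) => RANK.indexOf(a) - RANK.indexOf(b));
    return { framable: verdicts[0], via: 'csp' }; // frame-ancestors overrides X-Frame-Options
  }
  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return { framable: 'none', via: 'x-frame-options' };
  if (xfo === 'SAMEORIGIN') return { framable: 'same-origin', via: 'x-frame-options' };
  // ALLOW-FROM is obsolete and ignored by current browsers, so it gives no protection.
  return { framable: 'any', via: 'unprotected' };
}

// Constructed responses for a hypothetical checkout page.
const samples = [
  { 'content-security-policy': "default-src 'self'; frame-ancestors 'none'" },
  { 'x-frame-options': 'ALLOW-FROM https://shop.example' },
  { 'content-security-policy': 'frame-ancestors https:', 'x-frame-options': 'DENY' },
];
for (const h of samples) console.log(JSON.stringify(h), '->', framingPolicy(h).framable);
```

Any state-changing page that reports `any` can be embedded by an arbitrary site and should be given `frame-ancestors 'none'` or `'self'`.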