Attackers are using an as yet unknown method to run fraudulent charges through PayPal accounts linked to Google Pay. The transactions are made in the United States at Target stores and Starbucks, even though the account holders are in Germany.
Since 22 February, several people in Germany have reported [1, 2, 3, 4, 5 and 6] fraudulent transactions on their PayPal accounts linked to Google Pay, ranging from €1.73 to more than €1,800.
Most state that their accounts were first probed with small transactions of between €0.01 and €4.00. Shortly afterwards, multiple charges from Target stores in the United States followed, most of them in New York and North Carolina.
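The sequence described above, a run of tiny probe charges followed by larger charges far from where the account holder lives, is a textbook card-testing pattern, and it is one a payment provider can detect before the cash-out completes. The detector below is an added example written for this page; it is not code from the original article, from PayPal or from Google. It runs over constructed transaction records, and the thresholds, time windows, account identifiers and merchant names are all assumptions.

```python
"""Card-testing / cash-out pattern detector (added example, not from the article).

Flags accounts that show several very small charges close together, followed
within a short window by a larger charge in a country other than the account
holder's home country. All sample records and thresholds below are constructed
for illustration and are not taken from PayPal, Google Pay or the article.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List


@dataclass
class Txn:
    account: str
    ts: datetime
    amount_eur: float
    merchant: str
    country: str  # ISO 3166-1 alpha-2 code of the merchant location


# Constructed sample data: acct-A shows probe charges then US cash-out,
# acct-B only buys coffee at home and must not be flagged.
SAMPLE_TXNS = [
    Txn("acct-A", datetime(2020, 2, 22, 10, 0), 0.01, "Probe merchant", "US"),
    Txn("acct-A", datetime(2020, 2, 22, 10, 2), 1.73, "Probe merchant", "US"),
    Txn("acct-A", datetime(2020, 2, 22, 10, 5), 4.00, "Probe merchant", "US"),
    Txn("acct-A", datetime(2020, 2, 22, 11, 30), 312.50, "Target", "US"),
    Txn("acct-A", datetime(2020, 2, 22, 12, 10), 1499.00, "Target", "US"),
    Txn("acct-B", datetime(2020, 2, 22, 9, 0), 3.20, "Cafe", "DE"),
    Txn("acct-B", datetime(2020, 2, 23, 9, 0), 3.20, "Cafe", "DE"),
]

# Assumed account metadata: the account holder's home country.
HOME_COUNTRY = {"acct-A": "DE", "acct-B": "DE"}


def find_card_testing(
    txns: List[Txn],
    home: Dict[str, str],
    probe_max_eur: float = 5.00,                 # assumed ceiling for a "probe"
    min_probes: int = 2,                         # assumed number of probes that raises suspicion
    probe_window: timedelta = timedelta(hours=1),
    cashout_window: timedelta = timedelta(hours=24),
) -> Dict[str, List[Txn]]:
    """Return {account: [suspicious cash-out charges]}.

    An account is flagged when at least `min_probes` charges of at most
    `probe_max_eur` fall within `probe_window`, and a larger charge outside the
    account's home country follows within `cashout_window` of the last probe.
    """
    by_acct: Dict[str, List[Txn]] = {}
    for t in txns:
        by_acct.setdefault(t.account, []).append(t)

    flagged: Dict[str, List[Txn]] = {}
    for acct, items in by_acct.items():
        items.sort(key=lambda t: t.ts)
        probes = [t for t in items if t.amount_eur <= probe_max_eur]
        # Slide over the probe list looking for min_probes probes inside probe_window.
        for i in range(len(probes) - min_probes + 1):
            first, last = probes[i], probes[i + min_probes - 1]
            if last.ts - first.ts > probe_window:
                continue
            cashouts = [
                t for t in items
                if last.ts < t.ts <= last.ts + cashout_window
                and t.amount_eur > probe_max_eur
                and t.country != home.get(acct)
            ]
            if cashouts:
                flagged[acct] = cashouts
            break  # one verdict per account is enough
    return flagged


if __name__ == "__main__":
    for acct, hits in find_card_testing(SAMPLE_TXNS, HOME_COUNTRY).items():
        for t in hits:
            print(f"{acct}: {t.ts:%Y-%m-%d %H:%M} {t.merchant} ({t.country}) EUR {t.amount_eur:.2f}")
```

The country mismatch is what makes this pattern cheap to catch: a German account holder whose card is suddenly used in person at a US store minutes after a string of sub-€5 authorisations is a strong signal on its own, and a provider would normally step up authentication or hold the transaction rather than let it settle.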
When users first flagged the problem, getting a refund from PayPal proved difficult.
Now members of the German Facebook group “Google Pay / Paypal / Target Hack 2020 Victims” report that PayPal has begun refunding the fraudulent charges.
One member posted in the group: “Some others and I have already received e-mails from PayPal saying that the reported payments will be credited to the linked bank accounts.”
PayPal told another user that it was investigating the issue and would reimburse all affected users.
If you are affected by this attack, contact PayPal immediately and dispute the transactions.
Possible link to a previously reported PayPal vulnerability
After German media began reporting these fraudulent transactions, a security researcher known as ‘iblue’ tweeted that they could be related to a vulnerability reported to PayPal a year earlier.
The vulnerability described by iblue allows anyone near the phone to read the details of the virtual credit card tied to the linked PayPal account and to charge that account with it.
“Issue: PayPal allows contactless payments via Google Pay. If you have set it up, you can read the card details of a virtual credit card from the mobile, if the mobile device is enabled. No auth.
So basically anyone near your mobile phone has a virtual credit card which deducts money from your PayPal account. It's not limited in validity or amount.”
It is not known whether this is the method behind the current fraudulent charges, or why virtual cards read from phones in Germany would end up being charged at Target stores in the United States.