The emails take the form of a notification about a received payment in the amount of $208, but does not say what the payment is for:
Counting on the fact that the recipients will be curious about a payment that they weren't expecting, the spammers offered an attachment that supposedly contains details about it.
Unfortunately, the attached file is a backdoor Trojan, and the only positive thing about it is that it is currently detected by the majority of the most popular AV solutions out there.
Users are always advised to ignore unsolicited emails carrying attachments and embedded links.
In this case, if the curiosity is too much to handle, a visit to your PayPal account the regular way - by entering the URL in the browser yourself or using a bookmark you have created - can help you and keep you safe.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.