More than 1,500 credentials for PayPal accounts are on sale in an eShop-style website set up by cybercriminals.
The site, discovered by Webroot's Danco Danchev, is selling 1,543 PayPal account details, 14 of which belong to UK customers of the eBay-owned direct payment service.
Prices to ‘buy' access to credentials through a proxy server run by the hackers seem to be linked to amounts of money already resting in the accounts. So an account with $300 (£197) is worth $20 (£13), while an empty account is worth just $3.
There is also an advanced search function to allow illicit bargain hunters the opportunity to refine their shopping by country, state and city. For an extra 20 cents per time, buyers can even sort accounts by zip code.
Meanwhile, a 10 cent charge allows search refinement for only verified or premier accounts on PayPal.
Crucially, each purchase also comes with complimentary access to a custom Socks5 proxy checker, which can help buyers retain anonymity while working within the hacked PayPal accounts. The proxy checkers are actually malware-infected host machines converted into anonymisation proxies which, if their IP is discovered, would bring the trail back to the hacked host rather than the PayPal intruder.
Danchev notes that, as a business model, it would obviously make more sense for the hacker to simply cash-out from all the PayPal accounts rather than sell them at such a heavy loss, but that this method helps them "monetise the fraudulently obtained data as soon as possible" while keeping security tighter to maintain the pirates' future successes in hacking and selling more accounts.