Experts from Proofpoint discovered that the banking trojan Chthonic was distributed via legitimate PayPal accounts by abusing the money request feature. Because the emails came from genuine PayPal accounts, the attackers could bypass anti-spam filters and antivirus solutions. Chthonic is a strain of the notorious Zeus Trojan, and the researchers spotted a new campaign leveraging emails sent by genuine PayPal account holders. One sample analyzed by Proofpoint was not detected by Gmail because the message appeared to be legitimate.
Source: https://securityaffairs.co/wordpress/49891/cyber-crime/paypal-chthonic-trojan.html