A new trojan on Android steals your money through the official PayPal app

Trojans have been found on Android from time to time, but this is probably one of the worst. This new threat automates a $1000 PayPal transaction and sends it using PayPal's own official app, even on accounts protected by two-factor authentication (2FA).

It does this by combining several current techniques and abusing Android's accessibility services. The trojan currently disguises itself as an Android optimization tool and has reached users' phones through third-party stores. Besides the official Play Store there are also third-party stores, so a piece of advice for beginners: do not use third-party stores. Use only the Play Store.

When you install the “Optimization Android” program, a service called “Enable statistics” is created. This service, of course, asks for permission to observe user actions and retrieve window content.
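For readers who want to check a phone for this pattern (an enabled accessibility service belonging to an app that did not come from the Play Store), here is a small audit sketch. It is an added example, not ESET's tooling or anything from the original report; it parses the text output of two standard adb commands, and the sample data and the package name `com.example.optimizer` are constructed for illustration.

```python
# Inputs are the text output of two adb commands run against the device:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i
PLAY_STORE = "com.android.vending"

def parse_enabled_services(settings_output):
    """Return (package, service_class) pairs from the colon-separated list."""
    text = settings_output.strip()
    if not text or text == "null":  # setting unset: nothing enabled
        return []
    pairs = []
    for component in text.split(":"):
        package, _, cls = component.strip().partition("/")
        if package:
            # A leading dot means the class name is relative to the package.
            pairs.append((package, package + cls if cls.startswith(".") else cls))
    return pairs

def parse_installers(pm_output):
    """Map package name -> installer package (None if none is recorded)."""
    installers = {}
    for line in pm_output.splitlines():
        if line.strip().startswith("package:"):
            name, _, rest = line.strip()[len("package:"):].partition("installer=")
            installers[name.strip()] = None if rest.strip() in ("", "null") else rest.strip()
    return installers

def audit(settings_output, pm_output, trusted=(PLAY_STORE,)):
    """Enabled accessibility services whose package did not come from a trusted
    store. Preinstalled apps also report no installer, so treat each finding
    as a prompt for manual review, not a verdict."""
    installers = parse_installers(pm_output)
    return [{"package": pkg, "service": cls, "installer": installers.get(pkg)}
            for pkg, cls in parse_enabled_services(settings_output)
            if installers.get(pkg) not in trusted]

# Constructed sample output; com.example.optimizer is a made-up package name.
SAMPLE_SETTINGS = ("com.google.android.marvin.talkback/"
                   "com.google.android.marvin.talkback.TalkBackService:"
                   "com.example.optimizer/.StatsService\n")
SAMPLE_PM = (
    "package:com.google.android.marvin.talkback  installer=com.android.vending\n"
    "package:com.example.optimizer  installer=null\n"
)

if __name__ == "__main__":
    for finding in audit(SAMPLE_SETTINGS, SAMPLE_PM):
        print(finding)
```

Any package it lists should be compared against what the owner knowingly installed and enabled under Settings > Accessibility.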

But this is where things get worse, because the trojan can imitate notifications. It creates a notification that looks like one from PayPal and pushes the user to log in.

When you tap the notification, it opens the official PayPal application (if installed) and asks the user to log in. Since this is a legitimate login to the official PayPal application, 2FA does nothing to secure your account; it only sends you an extra code, which you enter as you normally would when logging in.

Once you are logged in, the malicious application takes over and transfers $1000 from your PayPal account to the attacker. This automated process takes less than five seconds. ESET made a video of the whole process, and it is remarkable how fast it all happens.

By the time you understand what is happening, it is too late to stop it. The only thing that can stop the process is a PayPal balance that is too low with no other funding methods added, in which case PayPal simply cancels the transaction due to lack of funds. Otherwise, you have to notice it within a week and file a "non-acceptance transaction" with PayPal, asking it to investigate and cancel the transaction, a process that takes at least 1 month.

But it does not end there. Not only does this trojan attack a user's PayPal account, it also uses Android screen overlays to place fake login screens on top of legitimate applications.

The trojan displays HTML overlay screens on top of Google Play, WhatsApp, Skype and Viber and then uses them to steal the user's card details. It can also create a Gmail overlay, stealing the user's login credentials.

While the overlay attack is currently limited to the above-mentioned applications, the list could be updated at any time, which means that this type of attack can be expanded at any point to steal any type of information the attacker wants. ESET We Live Security emphasizes that the attacker could explore other options by using the overlay

iGuRu.gr The Best Technology Site in Greece
Written by Dimitris