Although Android has several security measures against malicious software, the technology is not perfect, and some threats occasionally slip past them. One such case is the Trojan discovered by ESET, which, disguised as a battery optimization application, can steal money from the official PayPal app.
According to the security firm, the malicious software was released in November this year and is distributed through third-party stores. When the application is opened, its icon (which is the same as that of the Battery Doctor application) disappears from the launcher and the Trojan goes to work.
Steal money from PayPal by mimicking the user's touches
According to ESET, the malware has two functions: stealing money from PayPal and accessing consumers' credit cards. The Trojan first asks the user to activate a malicious accessibility service in order to "activate the statistics". If the victim has the PayPal app installed, the malware displays a notification asking the user to launch it.
Once the user opens the app and logs in, and because the user has activated the accessibility service, the Trojan takes control and mimics the user's taps to send money to the hacker's address. ESET claims that during its tests the Trojan tried to send 1000 euros and that only five seconds were needed to complete the process. "There is no viable way to intervene in time for unsuspecting users," they say.
Because the malicious software relies on the user logging in, two-step authentication is completely useless.
The only way the attack could fail, the company says, is if the person concerned has neither a balance in the PayPal account nor a linked card. The problem is that the malicious software is activated every time the application is started, so if funds are available, it can take money several times a day. ESET claims to have notified PayPal so that it can take action on this issue.
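One way a defender could audit a device for the pattern described above (an app from outside the official store holding an enabled accessibility service), as an added example that is not from ESET or the original article. It parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i`; the sample output, the package names and the trusted-installer set are constructed assumptions.

```python
# Added example: flag enabled accessibility services whose package did not
# come from a trusted installer. All sample data below is constructed.
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only Google Play is trusted

def parse_enabled_services(setting_value):
    """Split the colon-separated 'package/class' list into (package, class) pairs."""
    value = setting_value.strip()
    if not value or value == "null":  # 'null' means no service is enabled
        return []
    pairs = []
    for component in value.split(":"):
        package, _, cls = component.partition("/")
        if package:
            pairs.append((package, cls))
    return pairs

def parse_installers(pm_output):
    """Map package name to installer from 'package:<name>  installer=<source>' lines."""
    installers = {}
    for line in pm_output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        fields = line[len("package:"):].split()
        if not fields:
            continue
        source = next((f.split("=", 1)[1] for f in fields[1:]
                       if f.startswith("installer=")), "null")
        installers[fields[0]] = source
    return installers

def audit(setting_value, pm_output):
    """Return enabled accessibility services installed from an untrusted source."""
    installers = parse_installers(pm_output)
    findings = []
    for package, cls in parse_enabled_services(setting_value):
        source = installers.get(package, "unknown")
        if source not in TRUSTED_INSTALLERS:
            findings.append({"package": package, "service": cls, "installer": source})
    return findings

# Constructed sample output; the com.example.* packages are hypothetical.
SAMPLE_SETTING = ("com.example.batteryopt/.StatsService:"
                  "com.google.android.marvin.talkback/.TalkBackService:"
                  "com.example.notes/.HelperService")
SAMPLE_PM = """package:com.example.batteryopt  installer=null
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.notes  installer=com.example.thirdpartystore
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_SETTING, SAMPLE_PM):
        print(finding)
```

Preinstalled system apps can also report `installer=null`, so on a real device the findings should be reviewed against the list of system packages before treating them as suspicious.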
It also attacks bank accounts
The Trojan's second function uses phishing attacks that imitate legitimate applications to steal bank data. The malicious software downloads overlay screens based on well-known apps such as WhatsApp, Skype, Viber, or Gmail, which ask for account details that are, of course, sent to the attacker.
ESET considers that the Gmail screen was intended to provide the ability to access and delete PayPal emails, since the service sends an email every time a transaction is executed. In this way, the user will not know about the fraud until the application is opened again, with the risk of being the victim of another theft.
The overlay screens were shown in the foreground, as if they were ransomware, so those affected could not close them by pressing the back button or the home button. The only way to get rid of the screen was to fill in the bank data form.
They also found Trojans on Google Play aimed at the Brazilian public. One of them (Whatsfound) advertised that it could track the location of other users, but actually used an accessibility permission to view banking applications.
Via | ESET
Image Credits Blogtrepeneur