Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

Android trojan steals from PayPal app even with 2FA on


Slovakian security firm ESET says it has discovered a new Android trojan that has the capabilities of remotely connected malware with misuse of Android Accessibility services to target PayPal app users.

In a blog post , researcher Lukas Stefanko wrote that right now the trojan was pretending to be a battery optimisation tool and was distributed by third-party app stores.

The app terminated after being launched and hid its icon, with its functionality being in two parts.

Stealing money from PayPal accounts was achieved by activating a malicious Accessibility service guised in the name of "enable statistics". If the official PayPal app was present on the device to which the trojan had been downloaded, then the user would be prompted to launch it.

"Once the user opens the PayPal app and logs in, the malicious accessibility service (if previously enabled by the user) steps in and mimics the user’s clicks to send money to the attacker’s PayPal address," Stefanko wrote.

Android trojan steals from PayPal app even with 2FA on

The pop-up for a malicious Accessibility service guised in the name of "enable statistics".

He said during the analysis carried out by ESET, the app made an attempt to transfer 1000 with the time taken for the process being about five seconds, hardly enough to intervene. The currency would, of course, differ from region to region.

The interesting thing was because this attack was not using the PayPal credentials, it also bypassed the two-factor authentication used by the app.

"Users with 2FA enabled simply complete one extra step as part of logging in― as they normally would ― but end up being just as vulnerable to this trojan’s attack as those not using 2FA," Stefanko wrote.

The attack would fail in the event that the PayPal account in question had an inadequate balance and no payment card linked to it.

The trojan had overlays for five apps: Google Play, WhatsApp, Skype, Viber, and Gmail.

Android trojan steals from PayPal app even with 2FA on

Overlays created by the Android trojan forGoogle Play, WhatsApp, Viber and Skype, requesting credit card details.

Four of these overlays phished for credit card details while the one for Gmail tried to obtain login details for the webmail service.

Stefanko said he had also glimpsed overlays for legitimate banking apps, one example being the app for NAB.

Apart from these two functions, the trojan also had the ability to:

Intercept and send SMS messages; delete all SMS messages; change the default SMS app (to bypass SMS-based two-factor authentication); Obtain the contact list; Make and forward calls; Obtain the list of installed apps; Install app, run installed app; and Start socket communication.
Android trojan steals from PayPal app even with 2FA on
A malicious overlay created by the trojan for the National Australia Bank app. Images: courtesy ESET 47 REASONS TO ATTEND YOW! 2018

With 4 keynotes + 33 talks + 10 in-depth workshops from world-class speakers, YOW! is your chance to learn more about the latest software trends, practices and technologies and interact with many of the people who created them.

Speakers this year include Anita Sengupta (Rocket Scientist and Sr. VP Engineering at Hyperloop One), Brendan Gregg (Sr. Performance Architect Netflix), Jessica Kerr (Developer, Speaker, Writer and Lead Engineer at Atomist) and Kent Beck (Author Extreme Programming, Test Driven Development).

YOW! 2018 is a great place to network with the best and brightest software developers in Australia. You’ll be amazed by the great ideas (and perhaps great talent) you’ll take back to the office!

Register now for YOW! Conference

Sydney 29-30 November

Brisbane 3-4 December

Melbourne 6-7 December

Register now for YOW! Workshops

Sydney 27-28 November

Melbourne 4-5 December



Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

How does business security get breached?

What can it cost to get it wrong?

6 actionable tips


Viewing all articles
Browse latest Browse all 12749

Latest Images

Trending Articles

Latest Images