
Accessibility Trojan malware steals PayPal money



We love Greek mythology so we find the Trojan War story interesting. We like the Trojan horse but not the Trojan virus. Unfortunately, the latter is all we can experience. Actually, it’s something you don’t want to see and experience at all. The last related feature was shared last year. Remember the Loapi Trojan? We said it could literally make your Android phone go up in smoke. This time, there’s another Trojan affecting Android mobile users. Specifically, this one preys on PayPal app users and account holders.

The malware was detected last month by ESET. It was found to be misusing some Android Accessibility services. The results vary, but the most controversial is that PayPal app users are being targeted.

The Trojan is disguised as a battery optimization tool. Good thing it’s not available on the Play Store. You don’t get it from the Android app store but from other third-party stores.

Check whether you have the Optimization Android app installed; it's trojan malware. What happens is that the app terminates and hides its icon. It doesn't offer any functionality, but it can access and target PayPal maliciously to steal money. You may have chosen the 'Enable statistics' service, but it only pretends to do so.

This is potentially dangerous because a PayPal user’s money may be stolen. The trojan may access PayPal and then send money to an attacker’s address without the knowledge of the account owner.

The ESET team tried to make a transfer, but the currency used depends on the location of the user. 1000 euros were supposed to be sent, but good thing the transfer was unsuccessful.

It tricks the PayPal owner into logging into the account and even bypasses the app's 2FA process. Two-factor authentication is important, but because of the trojan, it becomes useless.

Other things the malware can do are as follows:

Intercept and send SMS messages

Delete all SMS messages

Change the default SMS app

Obtain the contact list

Make and forward calls

Obtain the list of installed apps

Install app, run installed app

Start socket communication

This trojan isn't installed from the Google Play Store, but there are similar Accessibility Trojans lurking around. There are malicious apps ready to target users, specifically those in Brazil. The devs already reported those malicious apps. Google did remove some of them from the Play Store.

VIA: Welivesecurity
