even Though Android has several security measures to prevent malware, the technology is not perfect and from time to time appear some systems capable of saltárselas. It is the case of the trojan discovered by ESET, camouflaged in an app from the optimization of battery life, can steal money from the app official PayPal.
according to the security firm, the malware was detected in November of the same year, and is distributed via stores of third parties. When you open the app, the icon (which is the same as that of the app Battery Doctor) disappeared in the launcher and the trojan is put hands to the work.
Steal money from PayPal by mimicking the touches of the user
According to ESET, the malware had two functions: steal money PayPal and access to the credit cards of users. For the first, the trojan asking the user for the activation of an accessibility service malicious to “enable statistics”. If the victim had the app PayPal installed, the malware would send a notification asking the user that started up.
When you open it and sign in and thanks to that the user had activated the accessibility service, the trojan took control and mimicking the touches of the user to send money to the address of the hacker. ESET account that during their trials, the trojan tried to send 1000 euros and it takes only five seconds to complete the process. “For an unsuspecting user there is no feasible way to intervene in time”, they said.
The only way in which the attack may fail, pointing from the company, is that the patient does not have a balance in the PayPal account or card linked to it. The problem is that the malware becomes active every time you launch the app, for what, if any, could steal money several times a day. From ESET say they have alerted PayPal to be able to take letters in the matter.
it Also attacks the bank accounts
The second function of the trojan is worth of attacks phishing to simulate apps legitimate, and to steal banking credentials. The malware downloaded a few screens of overlay-based apps-known as WhatsApp, Skype, Viber or Gmail, that demanded the introduction of the details of the account that, of course, were sent to the attacker.
From ESET believe that the Gmail screen was focused to be able to access and delete emails from PayPal, since the service sends an email every time you make a transaction. So the user is not would know of the scam until open the app again, running the risk of going to be the victim of another burglary.
The screens superimposed is displayed in the foreground as if it was a ransomware were so the affected person could not close them by pressing back or the home button. The only way to get rid of the screen was filling out the form with the data bank.
have Also found trojans in Google Play aimed at the brazilian audience. One of them (Whatsfound) announced to be able to track the location of other users, but in reality they were using a ” permit accessibility to navigate in the apps banking.
we Also recommend
The news ESET alert of a trojan on Android capable of stealing money from the app PayPal was originally published in Xataka Android by Jose García Nieto .
December 12, 2018
- ← Alan Moore has written a movie titled ‘The Show’ and this is his first picture
- Affaire: Apprendre à construire un ordinateur ou mise à niveau de votre ordinateur portable →