ESET is warning of a trojan on Android capable of stealing money from the app PayPal

ESET alert of a trojan on Android capable of stealing money from the app PayPal

even Though Android has several security measures to prevent malware, the technology is not perfect and from time to time appear some systems capable of saltárselas. It is the case of the trojan discovered by ESET, camouflaged in an app from the optimization of battery life, can steal money from the app official PayPal.

according to the security firm, the malware was detected in November of the same year, and is distributed via stores of third parties. When you open the app, the icon (which is the same as that of the app Battery Doctor) disappeared in the launcher and the trojan is put hands to the work.

Steal money from PayPal by mimicking the touches of the user

According to ESET, the malware had two functions: steal money PayPal and access to the credit cards of users. For the first, the trojan asking the user for the activation of an accessibility service malicious to “enable statistics”. If the victim had the app PayPal installed, the malware would send a notification asking the user that started up.

When you open it and sign in and thanks to that the user had activated the accessibility service, the trojan took control and mimicking the touches of the user to send money to the address of the hacker. ESET account that during their trials, the trojan tried to send 1000 euros and it takes only five seconds to complete the process. “For an unsuspecting user there is no feasible way to intervene in time”, they said.

Because the malware requires the user to log in, the authentication in two steps is completely useless

The only way in which the attack may fail, pointing from the company, is that the patient does not have a balance in the PayPal account or card linked to it. The problem is that the malware becomes active every time you launch the app, for what, if any, could steal money several times a day. From ESET say they have alerted PayPal to be able to take letters in the matter.

it Also attacks the bank accounts

Screens Fake Trojan

The second function of the trojan is worth of attacks phishing to simulate apps legitimate, and to steal banking credentials. The malware downloaded a few screens of overlay-based apps-known as WhatsApp, Skype, Viber or Gmail, that demanded the introduction of the details of the account that, of course, were sent to the attacker.

From ESET believe that the Gmail screen was focused to be able to access and delete emails from PayPal, since the service sends an email every time you make a transaction. So the user is not would know of the scam until open the app again, running the risk of going to be the victim of another burglary.

The screens superimposed is displayed in the foreground as if it was a ransomware were so the affected person could not close them by pressing back or the home button. The only way to get rid of the screen was filling out the form with the data bank.

have Also found trojans in Google Play aimed at the brazilian audience. One of them (Whatsfound) announced to be able to track the location of other users, but in reality they were using a ” permit accessibility to navigate in the apps banking.

Via | ESET image Credits | Blogtrepeneur

we Also recommend

All that we learned of the wine seeing these five inspirational films

Most chinese manufacturers under suspicion: some mobile phones Leagoo and Nomu are infected with a trojan

Android does not escape the ransomware: the most serious threats and how to avoid them

The news ESET alert of a trojan on Android capable of stealing money from the app PayPal was originally published in Xataka Android by Jose García Nieto .

Xataka Android

ESET is warning of a trojan on Android capable of stealing money from the app PayPal
Source: english  
December 12, 2018

Next Random post