Do you use the PayPal app? Many people do, mainly because PayPal is a popular form of payment for online businesses. But now there is an Android Trojan which attacks the payment service app.
Read on to find out how to recognise the Trojan and what it actually does.
Trojan attacks PayPal app
There are more than 250 million people worldwide using PayPal as a means of payment, according to the statistics portal, Statista. The UK has over 20 million shoppers that use PayPal each year, with 7 million businesses. It’s no wonder that criminals will try over and over again to get their hands on your money by hijacking this payment method.
PayPal App Endangered by Battery Optimiser
The Android Trojan that attacks the PayPal app hides in a battery optimisation app called Optimization Android. Unfortunately, the app does not improve battery performance. Instead, it can bypass PayPal’s two-factor authentication.
The goal of the fake app is to attack your PayPal account and steal your savings. But how does it actually do this? First of all, the icon of the fake app disappears after you start it. Then the attack begins.
PayPal app manipulated by accessibility
The attack only works if you have the official PayPal app installed. If you then load the dangerous battery optimisation app onto your smartphone, it displays a window asking “Use Enable statistics?”. If you click OK, you activate a malicious accessibility service.
When you next open the PayPal app and log in, the Trojan uses the accessibility service you approved to operate the app in your place. That is how the attackers empty your PayPal account. The process takes only a few seconds, so you have little time to react.
Android Trojan does not steal login information
Unlike many other Trojans, this intruder does not steal login data. It simply waits until you log in to the PayPal app yourself, and in that way bypasses the two-factor authentication. The only things that can stop the Trojan are an empty PayPal account or the fact that no credit card is linked to the PayPal account.
Every time you log in to PayPal via your smartphone, you activate the Trojan again. The criminals steal your money every time you log in to PayPal.
ESET explained in a YouTube video how the Trojan works:
Other features for attacks
The Android Trojan that attacks the PayPal app has even more features up its sleeve. It also carries out overlay attacks. This means that it places fake screens (overlays) on top of legitimate apps. The overlays only disappear once you have filled them out, because the “Home” and “Back” buttons are covered.
Overlays are currently known to exist for Google Play, WhatsApp, Skype and Viber. On all of these you will be asked to enter your bank details. In addition, there are known to be overlays for legitimate banking apps too.
By the way: you can enter false information in such overlays. The overlay then disappears and you have not revealed your real account details.
What else can the Android Trojan do?
In addition to the features described, the Android Trojan can do even more. These include the following functions:
- Send, intercept and delete SMS messages
- Change the default SMS application, bypassing two-factor authentication
- Retrieve the contact list
- Make and forward calls
- Get a list of the apps you have installed
- Install and run apps
Of course, you can protect yourself from this nasty Trojan, which primarily targets the PayPal app: never download apps from third-party vendors. This supposed battery optimisation app also comes from a third party and not from the Google Play Store.
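To check a phone for the combination described above (an enabled accessibility service belonging to an app that did not come from the Play Store), the following added example, which is not part of the original article, parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i`. The sample output and the package name com.example.batteryoptimizer are constructed, and the set of trusted installers is an assumption.

```python
import re

# Installers treated as trusted stores (assumption; adjust to your policy).
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store

def parse_accessibility_services(settings_output):
    # Output of `settings get secure enabled_accessibility_services`:
    # colon-separated package/ServiceClass entries, or "null" when none are enabled.
    value = settings_output.strip()
    if not value or value == "null":
        return []
    return [tuple(c.split("/", 1)) for c in value.split(":") if "/" in c]

def parse_installers(pm_output):
    # Output of `pm list packages -i`: "package:<name>  installer=<name|null>".
    installers = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            pkg, inst = m.groups()
            installers[pkg] = None if inst == "null" else inst
    return installers

def flag_sideloaded_services(settings_output, pm_output):
    # Enabled accessibility services whose app was not installed by a trusted store.
    installers = parse_installers(pm_output)
    findings = []
    for pkg, service in parse_accessibility_services(settings_output):
        installer = installers.get(pkg)
        if installer not in TRUSTED_INSTALLERS:
            findings.append({"package": pkg, "service": service, "installer": installer})
    return findings

# Constructed sample output; com.example.batteryoptimizer is a made-up package name.
SAMPLE_SETTINGS = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.batteryoptimizer/com.example.batteryoptimizer.StatsService\n"
)
SAMPLE_PM = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.batteryoptimizer  installer=null
package:com.paypal.android.p2pmobile  installer=com.android.vending
"""

if __name__ == "__main__":
    for f in flag_sideloaded_services(SAMPLE_SETTINGS, SAMPLE_PM):
        print(f"REVIEW: {f['package']} -> {f['service']} (installer: {f['installer']})")
```

Pre-installed system apps can also report no installer, so treat each finding as a candidate for review rather than a confirmed infection.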
You can get even more security when surfing by getting in touch with your local TrustATec partner. We will offer you the latest virus protection for your smartphone and help with the initial setup. Let our professional technicians advise you. Further information about the current Trojan can be found in the article “New Android Trojan steals your money using PayPal’s official app”.