New Android Malware Steals Money From Your PayPal Account Even With 2FA Feature On.
According to ESET security researcher Lukas Stefanko, a new Android Trojan uses a novel Accessibility-abusing technique that targets the official PayPal app, and is capable of bypassing PayPal’s two-factor authentication.
How Does It Work?
The threat actors use a fake battery optimization app; after installation, it asks the victim to activate an accessibility service.
Once ‘Enable Statics’ is activated, it asks the user to launch the PayPal app; after a successful login, it automatically operates the PayPal app to transfer the money.
Even if you have enabled two-factor authentication (2FA), the malware bypasses it.
During the ESET researcher's analysis, the app attempted to transfer 1000 euros; however, the currency used depends on the user’s location. The whole process takes about 5 seconds, and for an unsuspecting user, there is no feasible way to intervene in time.
The attackers fail only if the user has insufficient PayPal balance and no payment card connected to the account. The malicious Accessibility service is activated every time the PayPal app is launched, meaning the attack could take place multiple times.
Besides the two core functions described above, and depending on commands received from its C&C server, the malware can also:
- Obtain the contact list
- Make and forward calls
- Obtain the list of installed apps
- Install apps and run installed apps
- Start socket communication
- Intercept and send SMS messages, delete all SMS messages, and change the default SMS app (to bypass SMS-based two-factor authentication)
The researchers also found five malicious apps with similar capabilities in the Google Play store, targeting Brazilian users. Some of these apps, which were also reported by Dr. Web and have now been removed from Google Play, posed as tools for tracking the location of other Android users.
How to Protect Yourself From These Kinds of Apps
- Avoid third-party app stores.
- Always use HTTPS-enabled secure websites for any payment.
- Use mobile antivirus.
- Avoid public Wi-Fi hotspots.
- Always check the number of downloads, app ratings and the content of reviews before downloading apps from the Google Play store.
- Pay attention to the permissions you grant to apps during installation.