A major piece of malware is affecting Android users. An Android Trojan is able to steal money from PayPal accounts. The Trojan managed to bypass the 2-factor authentication as well. Many users were put at risk.
What we know for now is that Google Play is not the source of this Trojan. Instead, it appears that the victims installed a battery optimization app which is available on third-party app stores. Once the app is opened, it will immediately close as well.
The user is asked by the app to “enable statistics”, which allows it to access Accessibility options. After this is enabled, the user also receives a notification prompting them to open the PayPal app. The user opens the app and signs in, going through any authentication prompts.
However, once the user has signed in the Trojan uses the accessibility service. It copies the taps needed to transfer money to another address. Usually, 1000$ are sent to the PayPal address of the attacker. This doesn’t take more than a couple of seconds for this to happen.
Every time the user tries to open the app, the process repeats itself one more time. It is impossible to stop it, and it will only come to an end if there is no linked card or account AND if there aren’t enough money in the PayPal.
Stay safe
At the moment the source of the Trojan is unknown. Nonetheless, PayPal has been notified of this issue and we expect a fix for it coming soon. If you want to stay safe, it is recommended that you avoid third-party apps. Make sure that you download just apps from the Google Play Store, as those are verified and (usually) safe enough to use.
Henry Lares is still early into his career as tech reporter but has already had his work published in many major publications including Tech Crunch and the Huffington Post. In regards to academics, Henry earned an engineering degree from Apex Technical School. Henry has a passion for emerging technology and covers upcoming products and breakthroughs in science and tech.