An Android Malware Can Steal Money From PayPal Account

Aadhya Khatri - Dec 14, 2018


An Android Malware Can Steal Money From PayPal Account

ESET discovered a malware that can transfer money from users' PayPal accounts even if they have the 2 factor authentication on.

ESET, a company that provides IT security solutions, has discovered a malware that can transfer money from Paypal without user’s permission even if their 2FA is on. This malicious software hides inside a battery optimization app.

The video below shows how this process works:

The good news here is this app is unavailable on the Play Store but is distributed through a third-party app store, which means not many people have fallen under the threat of the malware.

However, you should not put down your guards just yet. This app contains a system that can initiate money transfer without user’s notice, and when they do, it is often too late.

The malware is able to do this by asking for permission to access Android Accessibility. It is then able to automate OS interactions and screen taps.

Once it gains the access, the system does not transfer any money right away. Both the trojan and the app remain silent until the user logs into the PayPal app. It waits until the user does this on his own or sends a fake notification to trick users into opening the app.

Its next step is to wait for the user to type his 2FA code and then it starts taking action.

Shutterstock 115174897
It takes 5 seconds for this malware to steal user's money

ESET found out about this malware through the device from one of its customers because the malicious software takes advantage of the Android Accessibility to imitate screen taps.

A new PayPal transfer is initiated; next, the PayPal account of the receiver and a sum of money are entered. Finally, the Trojan approves the transfer.

According to Lukas Stefanko, ESET malware analyst, this whole malicious process takes under 5 seconds. If the users do not suspect and take action in time, there is no way they can prevent being stolen from. The default number the Trojan takes is 1000 units in Paypal account currency. In the case of ESET, the sum is €1,000.

The malware is programmed to steal every time the user opens their PayPal app. However, if the user’s account does not have any money left or is empty, it cannot perform its wicked trick.

By abusing the Accessibility, the Trojan can also obtain user’s contact list, steal card details and Google account as well as mobile banking app’s credentials.

PayPal has been notified about this matter, and victims of this app can ask for transaction reversal.

Comments

Sort by Newest | Popular

Read more

Indians Can Now Find The Nearest COVID-19 Vaccination Centers Easily, Here's How

Features- Mar 03, 2021

Indians Can Now Find The Nearest COVID-19 Vaccination Centers Easily, Here's How

People in India can now find the closest COVID-19 vaccination to their location through an Indian map app, and the steps are really easy.

Xiaomi Mi 9T Pro: An All-Rounder, All-Screen Phone

Mobile- Mar 01, 2021

Xiaomi Mi 9T Pro: An All-Rounder, All-Screen Phone

If you want something decent but cheaper than Huawei P30 Pro and Samsung Galaxy Note 10 Plus, Xiaomi Mi 9T Pro is right up your alley

PM Modi Got His COVID-19 Vaccine While Not Wearing A Mask

Features- Mar 03, 2021

PM Modi Got His COVID-19 Vaccine While Not Wearing A Mask

Prime Minister Narendra Modi of India arrived at AIIMS to receive his first dose of the Made-in-India COVID-19 vaccine on March 1.

Woman Spends Rs 1 Lakh On Wedding To Marry Herself

Features- Mar 02, 2021

Woman Spends Rs 1 Lakh On Wedding To Marry Herself

After breaking up with her boyfriend, Meg, a woman from the USA, decided to spend Rs 1.02 lakh on a wedding ceremony to marry herself.

Nike VP Resigns After Son’s Rs 96 Lakh Sneakers Purchase

Features- Mar 03, 2021

Nike VP Resigns After Son’s Rs 96 Lakh Sneakers Purchase

Joe Hebert used his mom's credit card to spend $132,000 or Rs 96 lakh on limited-edition sneakers and resell them at his own small company.

Countries That Have Received COVID-19 Vaccines From India

Features- Mar 01, 2021

Countries That Have Received COVID-19 Vaccines From India

The country has sent over 55 lakh doses of vaccines to its neighboring countries. Here are some countries where India has supplied COVID-19 vaccines.