Wednesday , January 27 2021

How can a malware disguised as an app on Android steal 1,000 euros from a PayPal account in 5 seconds

The security company ESET discovered a new malware spoiled as a battery optimizer that was called Android optimization The tool allows criminals to take control of a PayPal account and steal money in seconds without the user being able to stop it.

Malware was discovered in November, and the details of it have been published a few hours ago. The app is distributed in third party apps (it's not in the official Google Play store). In addition, malware is not just a performance of the bank's Trojan, but can utilize Google's Accessibility Services, designed to help disabled people, to trick users into giving criminal control over the phone. . As explained in the motherboard:

When malware is installed, the user asks for permission to "Enable Statistics." This innocent audio feature allows malware and its creators to receive notifications when the user interacts with specific applications and inspects the contents of the window they interact with. In other words, cybercriminals allow remote control of the phone when the user opens certain applications. In this case: PayPal, Google Play, WhatsApp, Skype, Viber, Gmail and some banking applications.

As explained by ESET, the most dangerous malware feature is activated when users open the PayPal application. At that time, if they have fallen to the "Enable Statistics" trick, malware takes over and sends the payments to the criminals. This works even if the user has two-factor authentication enabled because malware only expects the user to log in, as shown in the video above made by ESET. As the signature on his side explains:

The whole process takes about 5 seconds, and for an unsuspecting user there is no viable way to intervene in time. Attackers only fail if the user does not have enough PayPal balance and does not have a payment card attached to the account. The malicious accessibility service is activated every time the PayPal application is launched, which means that the attack could take place several times.

What to do? As it has been said countless times, be very careful distrust programs that you do not know and are not on Google Play. [Motherboard]

Source link