News has broken that security researchers at Slovakia’s ESET have identified a new banking Trojan that bypasses PayPal’s two-factor authentication (2FA) to steal funds – waiting until users have fully logged in before enabling its exploit. The multifaceted malware also has a secondary function, downloading HTML-based phishing overlay screens for five apps – Google Play, WhatsApp, Skype, Viber, and Gmail – an initial list that can be dynamically updated. ESET discovered the malicious software in November.
Corin Imai, Senior Security Advisor at DomainTools:
“Phishing campaigns centred around mobile devices are on the rise. This campaign should be of particular concern to PayPal users, particularly those who re-use credentials across multiple accounts; while a cybercriminal accessing your PayPal account is damaging, the lack of credential hygiene displayed by the majority of the population ultimately means access to multiple accounts. If you believe you have installed the malicious Android app, it’s imperative you find and delete it from your operating system or wipe your phone, and change all passwords for accounts hosted on your mobile device.”