A new Android Trojan that targets the official PayPal app has been discovered. Discovered by global cyber security firm ESET, the malware is masquerading as a battery optimization tool, distributed via third-party app stores. The biggest threat of this malware is that it does not rely on stealing PayPal login credentials; it instead waits for users to log into the official PayPal app themselves. It also bypasses PayPal’s two-factor authentication.
In this brand new blog, ESET outlines the two main functions used to attack victims:
1) A pop-up box which activates a malicious accessibility service
2) Phishing screens covertly displayed over targeted, legitimate apps used to phish for credit card details and Gmail login credentials.
What should victims do?
Those who have installed this malicious app will have likely already fallen victim to one of its malicious functions. ESET advises anyone affected to do the following:
- Check your bank account for suspicious transactions
- Consider changing you internet banking password/PIN and Gmail password
- Report any unauthorized PayPal transactions in PayPal’s Resolution Center
- For devices that are unusable due to a lock screen overlay displayed by this Trojan, use Android’s Safe Mode, and proceed with uninstalling an app named “Optimization Android” under Settings > (General) > Application manager/Apps.