Although Android has several security measures to prevent malware, the technology is not perfect, and from time to time we see malware that manages to get past them. This is the case of a Trojan detected by ESET that, disguised as a battery optimization application, can steal money from the official PayPal application.
According to the security firm, the malware was found in November of this year and was distributed through third-party stores. When the application was opened, its icon (which is the same as that of the Battery Doctor app) disappeared from the launcher and the Trojan went to work.
It takes the PayPal money by imitating the user's taps
According to ESET, the malware had two functions: stealing money from PayPal and gaining access to users' credit cards. First, the Trojan asked the user to activate a malicious accessibility service "to enable the statistics". If the victim had the PayPal app installed, the malware showed a notification asking the user to launch it.
Once the user had opened the app and logged in, and thanks to the accessibility service the user had activated, the Trojan took control of the session and imitated the user's taps to send money to the attacker's address. ESET says that during its test the Trojan tried to send 1000 euros and needed only five seconds to complete the process. "For users that do not suspect anything there is a viable way to intervene in time", they say.
Since the malware requires the user to log in, two-step authentication is completely useless
The only way the attack can fail, the company points out, is for the account to have no PayPal balance and no linked card. The problem is that the malware is activated every time the PayPal app is launched, so it can steal money several times a day. ESET says it has been in touch with PayPal so that it can take action on the matter.
It also attacks bank accounts
The Trojan's second function used phishing attacks that imitate legitimate apps in order to steal banking credentials. The malware displays overlay screens based on well-known apps such as WhatsApp, Skype, Gmail or Viber, asking the user to enter billing details that are, of course, sent to the attacker.
ESET believes the Gmail screen was aimed at gaining access to the mailbox and deleting PayPal emails, since the service sends an email each time a transaction is performed. This way, the user does not find out about the theft until they open the application, and runs the risk of falling victim to another theft.
The screens were superimposed in the foreground, as ransomware does, so victims could not close them by pressing the back or home button. The only way to get rid of a screen was to fill in the form with bank details.
They also found Trojans on Google Play aimed at Brazilian users. One (Whatsfound) advertised that it could track the location of other users, but in fact used accessibility permissions to look for banking apps.
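Both the PayPal Trojan and the Google Play samples depend on an accessibility service the user was talked into enabling. The following is an added example, not code from ESET or from the original article, showing one way to audit a device for such services: it cross-checks the output of `adb shell settings get secure enabled_accessibility_services` against `adb shell pm list packages -i`. The sample outputs, the `com.example.batteryopt` package and the allowlist are constructed assumptions.

```python
import re

# Assumption: only Google Play counts as a trusted installer on this device.
TRUSTED_INSTALLERS = {"com.android.vending"}

# Constructed sample: `adb shell settings get secure enabled_accessibility_services`
SAMPLE_SERVICES = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.batteryopt/com.example.batteryopt.StatsService"
)

# Constructed sample: `adb shell pm list packages -i`
SAMPLE_PACKAGES = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.batteryopt  installer=null
"""

def parse_services(raw):
    """Split the colon-separated setting into (package, service_class) pairs."""
    raw = raw.strip()
    if not raw or raw == "null":          # setting unset: nothing enabled
        return []
    pairs = []
    for component in raw.split(":"):
        package, _, service = component.partition("/")
        if package:
            pairs.append((package, service))
    return pairs

def parse_installers(raw):
    """Map package name -> installer package (None when reported as null)."""
    installers = {}
    for m in re.finditer(r"^package:(\S+)\s+installer=(\S+)", raw, re.M):
        installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers

def audit(services_raw, packages_raw):
    """Return enabled accessibility services whose package did not come
    from a trusted installer (sideloaded, third-party store or unknown)."""
    installers = parse_installers(packages_raw)
    findings = []
    for package, service in parse_services(services_raw):
        installer = installers.get(package)
        if installer not in TRUSTED_INSTALLERS:
            findings.append((package, service, installer or "none"))
    return findings

if __name__ == "__main__":
    for package, service, installer in audit(SAMPLE_SERVICES, SAMPLE_PACKAGES):
        print(f"REVIEW {package} ({service}) installer={installer}")
```

Preinstalled system services can also report no installer, so flagged entries are candidates for review rather than verdicts. The Google Play samples mentioned above would pass the installer check, which is why the full list of enabled services still deserves a manual look.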
Via | ESET
Image credits | Blogtrepeneur