Recently there have been some malicious trojans found on Android, but the newest one is probably the worst of them all. This new threat automates a PayPal transaction for $1,000 and sends it using the official PayPal app. Even users that have enabled two-factor authentication on their phones are still at risk.
This trojan works by leveraging Android’s Accessibility Services. It disguises itself as an Android optimization tool and has been making its way onto users’ phones through third-party app stores (which is one more reason not to use them).
When this app is installed, it also creates an accessibility service called “enable statistics.” Even though the request to enable it seems harmless, granting it allows the app to monitor the user’s actions and retrieve window content. It also allows the trojan to emulate touches. The trojan also generates a notification that looks like it’s from PayPal, urging the user to log in.
When the user taps this notification, it opens the official PayPal app (if installed). The app then prompts the user to log in. Since this is a legitimate login attempt, two-factor authentication does nothing to secure the account. Once the user is logged in, the trojan takes over, transferring $1,000 from the user’s PayPal account to the attacker. The entire process happens in just seconds. The only thing that stops the process is a PayPal balance that is too low.
Here is a video that shows the process in action: https://www.youtube.com/watch?v=yn04eLoivX8
To keep your device safe from these transactions, be sure to:
1. Only install apps from Google Play. Avoid third-party app stores, especially ones that promise paid apps for free.
2. Be extra cautious when sideloading (transferring files you already own to your device over Bluetooth or Wi-Fi).
3. Don’t install pirated apps. This potentially opens you up to all sorts of malicious attacks.
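The attack described above depends on an enabled accessibility service that belongs to an app that did not come from Google Play. As an added example (not part of the original article), this shell function takes the output of two standard `adb shell` commands and lists the enabled accessibility services whose package was not installed by Google Play. The sample data and package names are constructed, and the live usage assumes `adb` is installed with USB debugging enabled.

```shell
#!/bin/sh
# Added example: flag enabled accessibility services whose package was not
# installed by Google Play (installer "com.android.vending").

# flag_services SERVICES PKGLIST
#   SERVICES: value of `settings get secure enabled_accessibility_services`
#             (colon-separated "package/ServiceClass" entries, or "null")
#   PKGLIST:  output of `pm list packages -i`
#             (lines like "package:NAME  installer=SOURCE")
# Prints one line per service that needs review.
flag_services() {
    services=$1
    pkglist=$2
    # Nothing enabled: the setting is empty or the literal string "null".
    case $services in ''|null) return 0 ;; esac
    printf '%s\n' "$services" | tr ':' '\n' | while IFS= read -r svc; do
        [ -n "$svc" ] || continue
        pkg=${svc%%/*}   # package name is everything before the "/"
        installer=$(printf '%s\n' "$pkglist" |
            awk -v p="package:$pkg" \
                '$1 == p { sub(/^installer=/, "", $2); print $2; exit }')
        [ -n "$installer" ] || installer=unknown
        # Preinstalled system apps can also report "null"; treat each hit
        # as something to review, not as proof of malware.
        if [ "$installer" != "com.android.vending" ]; then
            printf '%s installer=%s\n' "$svc" "$installer"
        fi
    done
}

# Constructed sample data (not from a real device; package names are made up).
SAMPLE_SERVICES='com.example.screenreader/com.example.screenreader.ReaderService:com.example.optimizer/.StatsService'
SAMPLE_PKGS='package:com.example.screenreader  installer=com.android.vending
package:com.example.optimizer  installer=null'

flag_services "$SAMPLE_SERVICES" "$SAMPLE_PKGS"

# On a connected device:
#   flag_services \
#     "$(adb shell settings get secure enabled_accessibility_services | tr -d '\r')" \
#     "$(adb shell pm list packages -i | tr -d '\r')"
```

Any service listed for an app you do not recognize can be switched off under Settings > Accessibility and the app uninstalled.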
Need Help?
Call LI Tech Advisors!
631-422-0969
Anthony has been in the MSP business since before the acronym existed. Managed IT once started as break-fix solutions and some light phone support.
Since then, he has seen the industry flourish into a landscape of platforms, cloud servers, software tools and AI, with network configurations and software stacks tailored to the specific needs of each business.
In his current role, he focuses on proactive planning, ensuring clients can avoid potential issues altogether. This involves meticulous planning for enhanced business continuity, allowing swift resolution of any unforeseen challenges. What initially began as addressing "fires" through break-fix solutions has evolved into a proactive approach, ensuring that such issues are prevented from arising in the first place.