Trojan PayPal malware

We love Greek mythology so we find the Trojan War story interesting. We like the Trojan horse but not the Trojan virus. Unfortunately, the latter is all we can experience. Actually, it’s something you don’t want to see and experience at all. The last related feature was shared last year. Remember the Loapi Trojan? We said it could literally make your Android phone go up in smoke. This time, there’s another Trojan affecting Android mobile users. Specifically, this one preys on PayPal app users and account holders.

The malware was detected last month by ESET. It was found to be misusing Android Accessibility services. The results vary, but the most controversial was that PayPal app users were being targeted.

The Trojan is disguised as a battery optimization tool. Good thing it’s not available on the Play Store. You don’t get it from the Android app store but from third-party stores.

Check if you have the Optimization Android app installed: it’s trojan malware. What happens is that the app terminates and hides its icon. It doesn’t offer any functionality, but it can access and target PayPal maliciously to steal money. You may have chosen the ‘Enable statistics’ service, but it only pretends to do so.

This is potentially dangerous because a PayPal user’s money may be stolen. The trojan may access PayPal and then send money to an attacker’s address without the knowledge of the account owner.

The ESET team tried to make a transfer, but the currency used depends on the location of the user. 1,000 euros were supposed to be sent, but fortunately the transfer was unsuccessful.

It tricks the PayPal owner into logging into the account and even bypasses the app’s 2FA process. Two-factor authentication is important, but because of the trojan, it becomes useless.

Other things the malware can do are as follows:

• Intercept and send SMS messages
• Delete all SMS messages
• Change the default SMS app
• Obtain the contact list
• Make and forward calls
• Obtain the list of installed apps
• Install app, run installed app
• Start socket communication

This trojan isn’t installed from the Google Play Store but there are similar Accessibility Trojans lurking around. There are malicious apps ready to target users, specifically those in Brazil. The devs already reported those malicious apps. Google did remove some of them from the Play Store.
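One way to check a device for the pattern described above (an app from outside the Play Store holding an enabled Accessibility service), as an added example that is not from ESET or the original article. It parses the text output of three standard `adb shell` commands; the sample outputs and the `com.example.*` package names are constructed.

```python
# Added example: flag enabled accessibility services owned by sideloaded apps.
# Feed it the output of:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i     (package + installer)
#   adb shell pm list packages -s     (system packages)
PLAY_STORE = "com.android.vending"

def parse_services(raw):
    """Packages owning each enabled service ('pkg/Class:pkg/Class')."""
    raw = raw.strip()
    if not raw or raw == "null":
        return []
    return [c.split("/", 1)[0] for c in raw.split(":") if c]

def parse_packages(raw):
    """Map package -> installer (None if absent or 'null')."""
    result = {}
    for line in raw.splitlines():
        fields = line.strip().removeprefix("package:").split()
        if not line.strip().startswith("package:") or not fields:
            continue
        installer = None
        for f in fields[1:]:
            if f.startswith("installer=") and f != "installer=null":
                installer = f.split("=", 1)[1]
        result[fields[0]] = installer
    return result

def sideloaded_services(services_raw, installers_raw, system_raw):
    """Non-system, non-Play-Store packages with an enabled service."""
    installers = parse_packages(installers_raw)
    system = set(parse_packages(system_raw))
    flagged = []
    for pkg in parse_services(services_raw):
        trusted = pkg in system or installers.get(pkg) == PLAY_STORE
        if not trusted and pkg not in flagged:
            flagged.append(pkg)
    return flagged

# Constructed sample outputs (not taken from a real device).
SERVICES = ("com.google.android.marvin.talkback/.TalkBackService:"
            "com.example.optimizer/.StatisticsService:"
            "com.example.reader/.ReadAloudService")
INSTALLERS = """package:com.google.android.marvin.talkback  installer=null
package:com.example.optimizer  installer=com.example.thirdpartystore
package:com.example.reader  installer=com.android.vending"""
SYSTEM = "package:com.google.android.marvin.talkback"

if __name__ == "__main__":
    print(sideloaded_services(SERVICES, INSTALLERS, SYSTEM))
```

A Play Store installer is not proof of safety, since similar Accessibility Trojans were found there too; anything the script does not flag still deserves a manual look at which services are enabled.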

VIA: Welivesecurity