New Android malware is able to steal money from people’s accounts, a PayPal service through the opening, even if the user had enabled two-step authentication.Money stolen from PayPal-through the opening. Mostphotos
the Trojans can be found at the end of November the Slovak security house Eset’s researchers. Paypal’s mobile application against the designed malware resembles the network of the banks steal by etähallittavia trojans. It uses an exploit in android’s accessibility for the use of planned features.
according to the researchers, the malware is disguised as, inter alia, your phone battery usage optimoivaksi application. It is distributed to unofficial Android application stores.
Installation and after launching the app hides icons and closes the program. After that, the app will ask access permission to the Android accessibility features: request, the reason is said to “Enable statistics”, i.e. statistics, to collect.
If the device is also paypal’s official app, the malware calls to open it. If the user opens the application online, from malware to transfer money out of her account of the attacker to determine address. Eset’s researchers saw the application trying to transfer via Paypal 1000 euros.
Because the application does not steal the user ids but is hit when the user is logged in to the application, not a two-step authentication to protect the account to a thief.
Malware is yet another gimmick. It looks like a phishing screen for legitimate applications on to find out the victim’s credit card information. Scam boxes are displayed at least on Google Play, Whatsapp, Skype and Viberin on. In addition to Gmail on the display screen, which tries to find out the email ids, so malware can be removed using Paypal sent confirmation messages the transfer of money and stay longer in hiding.
Source: micro-bits