PayPal Android Trojan steals money from your account


There’s a frightening PayPal Android Trojan that attempts to raid your account, sending large sums of money from your PayPal account (possibly bank card funded) to a PayPal account controlled by the hacker.

The scary part is that the Android Trojan makes use of your genuine PayPal app to complete the transaction.

The good news is that the Trojan is distributed by third party app stores, so if you only ever use Google Play and block third party apps (the default setting on most Android handsets) then you should be safe.

It’s quite a sophisticated Trojan and can even bypass PayPal two factor authentication (where PayPal send you a one time PIN via a text message). Once you’ve logged into your PayPal account, the Trojan takes over and, in the blink of an eye, replicates keystrokes to try to send £1000, €1000 or $1000 depending on your region.

The PayPal Android Trojan masquerades as a battery optimization tool. Once it has been installed and activated, it hides and removes its icon from view. It has various functions; the PayPal function presents itself as an ‘Enable Statistics’ screen and then prompts you to log in to your official PayPal app. Once you are logged in it is too late: the transaction will be attempted and, if you have funds available or a funding source, there will be no time for you to intervene and stop the transaction from taking place.

The Trojan’s other functions are to display overlays on top of various apps such as Skype and WhatsApp, and also some banking apps, in a less sophisticated attempt to get users to enter their credit card details. The Trojan may also attempt to get you to log into your Google and Gmail account.

The best advice for staying safe is never to download apps from unknown sources and to be very wary of enabling third party app stores to install apps on your Android device. It may be tempting, and indeed even Amazon have in the past offered apps for Android for non-Amazon devices. Blocking apps from third party app stores is a key step to keeping your device secure so, if you do use third party sites, be very aware of the dangers.

If you are compromised, the normal steps are key: change the passwords on all your accounts (including Google), notify your bank, credit card company and PayPal of any fraudulent transactions, and monitor your accounts.

3 Responses

  1. Scary stuff.

    Always funny when the advice offered for digital things is completely out of proportion to the advice offered for real world things.
    “A man was run over in the street in Coventry today. Remember never to leave the house so it doesn’t happen to you. Cars only happen outside the house.”

    Google & Apple thoroughly recommend you never leave the app store, because they charge 30% on everything sold in the app store.
    Being in the app store is no actual guarantee that you’re safe, though it does help, much like never leaving the house.
