Android Trojan

A new Android Trojan has been discovered by security researchers at ESET, an IT security company. It is capable of tricking users into transferring money from their PayPal account through the official PayPal app on Android.

The Trojan is said to be able to bypass PayPal's two-factor authentication by enabling a malicious accessibility service on the victim's device.

Android Trojan steals money from PayPal even with 2FA enabled

What does the Trojan do?

While the Trojan has been categorised as a banking Trojan or malware, it also makes use of a novel accessibility service in Android to steal money from the victim's PayPal account. It is considered highly harmful because it bypasses two-factor authentication even when it is enabled on the victim's PayPal account.


According to the report by ESET, the Trojan initially reaches the victim's Android device through a battery optimization app that the user might have installed from the official Google Play Store or from an APK file obtained from a third-party source.

The Trojan attacks the victim's device as soon as the malicious app is opened. The app immediately hides its icon without launching and prompts the user to accept an accessibility service on their Android device called "enable statistics".

Once the user has enabled this malicious accessibility service, the Trojan sends a notification asking the victim to launch the official PayPal app, if it is installed on the device.


As soon as the victim launches the PayPal app and logs in to their account, the malicious accessibility service gets the user to send a specific amount of money to the attacker's PayPal email address.

Because the Trojan gets the victim to send the money from a session the victim has logged in to themselves, instead of stealing the user's login credentials and trying to log in by itself, it is able to bypass the two-factor authentication enabled by the user.

The malicious accessibility service is said to be activated every time a user opens the official PayPal account, which means it can steal the user's money multiple times.

However, it does not perform any malicious activity if the balance is insufficient or no card has been linked to the victim's PayPal account.

You can watch the video below to understand more clearly how this Android Trojan attempts to steal money from your PayPal account.

What to do if you were attacked by this Android Trojan?

If you have been attacked by this Android Trojan and have lost money from your PayPal account, the first thing to do is change your internet banking PIN or password, the password of your PayPal account, and the password of the email account linked to it.

You can also inform PayPal about the unauthorized transactions that have happened in your account and wait for the necessary actions to be taken.

The researchers at ESET who detected this Android Trojan have already reported the issue to PayPal, and hopefully the necessary measures will be taken to protect users against it.

You can then boot your Android phone into safe mode by holding the power off menu on your device, and then uninstall the ‘Optimization Android’ app to completely remove the Android Trojan from your device.


How to protect yourself from this Android Trojan?

You can take the following precautionary steps to protect yourself from this PayPal money-stealing Android Trojan.


  1. Do not install any app on your Android phone that is not from a trusted source, and always check the reviews, developer information and other details about the app before installing it on your device.
  2. Use the Play Protect option in the Google Play Store to manually scan your device for the presence of any malicious or harmful apps.
  3. Make sure to read and understand the request, or search for information online, before you enable any accessibility permission on your Android device.
  4. Always update your Android device to the latest security update from your device manufacturer, and occasionally scan your device using an antivirus or anti-malware app.

