researchers have advised the Android users to keep a check on their PayPal
accounts as quite recently, an Android malware has emerged which could easily
dodge the security authentication of the application.
Not of late, a case got
reported wherein a 1,000 pounds attempt at pilfering the victim’s PayPal
account was made.
enters the victim’s PayPal account on their own and easily penetrates the
application’s Two-Factor-Authentication (2FA). There’s no role of harvesting
activated their Two-Factor-Authentication, are susceptible to this attack
The malware which is
reportedly being distributed by a third party, primarily, has the Android’s
PayPal app on its radar. Other malware with the same disposition have also been
Accessibility Services is how the cyber-con behind it all, targets its aim on
organization got its hands on the malware which is distributed on third-party
app stores and was concealed behind the veil of a battery optimization tool
which goes by the name of “Optimization Android”.
been a part of hearsay because of other malware that have been found on it
which possess a similar flair for targeting banking apps.
malware’s key operation is to pilfer money from its target’s PayPal account by initiating
a malicious service into the victim’s system.
service a request is sent to the victim by the so called bland “Enable
device the official PayPal is downloaded, the malware would flash a
notification to launch it.
wait for the user to log into the app. Once that happens, the “Accessibility
Service” would start to impersonate the user’s click and will transfer the
money from the victim’s account to the PayPal Address of the cyber-con.
researchers, the attack doesn’t take more than seconds to fall through and in
no practical reality can a user stop it in time.
that gets transferred hinges on the victim’s location. The work’s done within a
short duration of 5 seconds.
the attackers and the only chance at the users’ safety is the kind of balance
the victim has. That is, if there is less balance in the account than what the
attacker has asked for and no payment cards attached to the account.
PayPal application is launched onto the system, the improper “Accessibility
Service” gets activated, making the device vulnerable to numerous more attacks.
officially contacted and informed about the erroneous makeup of the application
and the risk the users entail.
with an analogous disposition to the Optimization Android have been exposed in
recent times, on the Google App store.
users with this app already on their ‘downloaded apps’ list have potentially by
now entered the trap and fallen prey to the attack.
have also come across this unfortunate attack.
Remedies And Advice From The Researchers
Keep on checking the application for any fishy
transactions. If found, contact the PayPal Resolution Center and report the
Keep track of the PayPal account balance.
It would really help to change the internet banking
and connected e-mail passwords.
Try using “Android’s Safe Mode” and try
uninstalling the app with the name, “Optimization Android”.
Keep your devices updated.
Keep a check on what permissions you grant to the
application so downloaded.
Only use the official Google Play Store App to download