An Android Trojan has been discovered that can steal money from PayPal accounts.
According to We Live Security, the malware, which is disguised as a battery optimization tool distributed via third-party app stores, “combines the capabilities of a remotely controlled banking Trojan with a novel misuse of Android Accessibility services to target users of the official PayPal app.”
After being launched, the malware requests access to the Accessibility service by asking the user to “enable statistics.” Once that is enabled, it sends a notification asking the user to open the official PayPal application, where the user signs in normally. The Trojan then uses the accessibility service to replicate the taps required to send money, and immediately sends $1,000 to the cyber criminal’s PayPal address. The transfer will only fail if the user doesn’t have enough money in their PayPal account to cover it.
One positive, as 9to5Google points out, is that the malware is only available from outside of Google Play. PayPal has also been notified of the issue, so it will more than likely work on an update that stops the attack.
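A defender-side check for the two conditions described above (an enabled accessibility service belonging to an app that did not come from Google Play), as an added example that is not part of the original article. It parses output captured from `adb shell settings get secure enabled_accessibility_services`, `adb shell pm list packages -i` and `adb shell pm list packages -s`; the sample values and package names are constructed, and the output layout is assumed to match what those commands print on current Android releases.

```python
import re

# Installers treated as the official store (assumption: Google Play only).
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_packages(pm_output):
    """Map package -> installer (or None) from `pm list packages [-i|-s]` output."""
    packages = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)(?:\s+installer=(\S+))?", line.strip())
        if m:
            packages[m.group(1)] = m.group(2)
    return packages

def parse_services(setting_value):
    """Split the colon-separated 'package/class' list stored in the secure setting."""
    value = setting_value.strip()
    if not value or value == "null":
        return []
    return [c for c in value.split(":") if "/" in c]

def flag_sideloaded_services(setting_value, pm_installers, pm_system):
    """Return (component, installer) for enabled accessibility services whose
    package is neither preinstalled nor installed by a trusted store."""
    installers = parse_packages(pm_installers)
    system = set(parse_packages(pm_system))
    findings = []
    for component in parse_services(setting_value):
        package = component.split("/", 1)[0]
        installer = installers.get(package) or "null"
        if package not in system and installer not in TRUSTED_INSTALLERS:
            findings.append((component, installer))
    return findings

# Constructed sample input: one preinstalled service, one Play-installed
# service, and one sideloaded "battery optimizer" (hypothetical package names).
SAMPLE_SETTING = ("com.example.screenreader/.ReaderService:"
                  "com.example.playapp/.HelperService:"
                  "com.example.batteryopt/.StatsService")
SAMPLE_INSTALLERS = """package:com.example.screenreader  installer=null
package:com.example.playapp  installer=com.android.vending
package:com.example.batteryopt  installer=null"""
SAMPLE_SYSTEM = "package:com.example.screenreader"

if __name__ == "__main__":
    for comp, inst in flag_sideloaded_services(SAMPLE_SETTING, SAMPLE_INSTALLERS, SAMPLE_SYSTEM):
        print(f"review: {comp} (installer={inst})")
```

A flagged entry is a prompt for review rather than proof of infection, since legitimately sideloaded accessibility tools will also appear.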
Last year, it was revealed that as many as 14 million Google Android devices were infected with malicious ransomware called CopyCat. Like this latest Trojan, the malware — which raised up to a million dollars — was housed in third-party app stores, not in Google Play.
At the time, Aaron Stein, a Google spokesperson, said Google Play Protect would protect phones against such malware. “CopyCat is a variant of a broader malware family that we’ve been tracking since 2015. Each time a new variant appears, we update our detection systems to protect our users,” Stein said. “Play Protect secures users from the family, and any apps that may have been infected with CopyCat were not distributed via Play.”