Android users are being warned by security experts about terrifying malware that can steal hundreds of pounds from the official PayPal app.
The Android malware is capable of bypassing the two-factor authentication of the PayPal app and in one reported case tried to steal almost £1,000.
The malware that targets the Android PayPal app is being spread through third-party marketplaces, but similar ones have been discovered on the Google Play Store.
The Android malware was discovered by security experts at ESET, who outlined their findings online.
They explained that the malware exploits the Android Accessibility services to target the official PayPal app.
ESET found the malware was hidden in a battery optimization tool called Optimization Android being distributed on third-party app stores.
Similar pieces of malware, which target other banking apps, have been discovered on the Google Play Store, researchers said.
In a post online ESET researcher Lukas Stefanko explained: “The malware’s first function, stealing money from its victims’ PayPal accounts, requires the activation of a malicious Accessibility service.
“This request is presented to the user as being from the innocuous-sounding ‘Enable statistics’ service.
“If the official PayPal app is installed on the compromised device, the malware displays a notification alert prompting the user to launch it.
“Once the user opens the PayPal app and logs in, the malicious accessibility service (if previously enabled by the user) steps in and mimics the user’s clicks to send money to the attacker’s PayPal address.”
ESET warned that the hacking attack can be carried out in a matter of seconds and there’s “no feasible way” for an unsuspecting user to intervene in time to stop it.
They added: “During our analysis, the app attempted to transfer 1000 euros, however, the currency used depends on the user’s location.
“The whole process takes about 5 seconds, and for an unsuspecting user, there is no feasible way to intervene in time.
“Because the malware does not rely on stealing PayPal login credentials and instead waits for users to log into the official PayPal app themselves, it also bypasses PayPal’s two-factor authentication (2FA).
“Users with 2FA enabled simply complete one extra step as part of logging in – as they normally would – but end up being just as vulnerable to this Trojan’s attack as those not using 2FA.”
ESET said the only way that hackers can fail once an attack is in progress is if there’s an insufficient PayPal balance and no payment card connected.
They warned the malicious Accessibility service is activated every time the PayPal app is launched, meaning an attack could take place multiple times.
ESET said they have notified PayPal of the threat and of the account used by the attacker to receive stolen funds.
Express.co.uk has contacted PayPal for comment.
ESET said they also discovered five malicious apps on the Google Play Store with capabilities similar to those of Optimization Android.
These apps targeted Brazilian banks and have now been removed from the Google Play Store.
ESET offered advice to Android users on how to stay safe from the PayPal malware threat.
They advised: “Those who have installed these malicious apps will have likely already fallen victim to one of their malicious functions.
“If you have installed the PayPal-targeting Trojan, we advise you to check your bank account for suspicious transactions and consider changing your internet banking password/PIN code, as well as Gmail password.
“In case of unauthorised PayPal transactions, you can report a problem in PayPal’s Resolution Centre.
“For devices that are unusable due to a lock screen overlay displayed by this Trojan, we recommend using Android’s Safe Mode, and proceed with uninstalling an app named ‘Optimization Android’ under Settings > (General) > Application manager/Apps.
“Uninstalling in Safe Mode is also recommended for Brazilian users who installed one of the Trojans from Google Play.”
ANDROID MALWARE – ESET TIPS ON HOW TO STAY SAFE
• Stick to the official Google Play store when downloading apps
• Make sure to check the number of downloads, app ratings and the content of reviews before downloading apps from Google Play
• Pay attention to what permissions you grant to the apps you install
• Keep your Android device updated and use a reliable mobile security solution
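Because the attack described above depends on the user enabling a malicious Accessibility service, one practical check is to list which services are enabled on a device and where their apps were installed from. The following is an added example, not code from ESET or from the original article; the allowlist, the com.example.* package names and the sample command output are constructed for illustration.

```python
# Added example (not ESET's code): audit enabled accessibility services.
# Inputs are the saved text output of two adb commands:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i
PLAY_INSTALLER = "com.android.vending"  # installer name recorded for Google Play

def parse_services(setting_value):
    """Split the colon-separated 'package/class' list; '' or 'null' means none."""
    value = setting_value.strip()
    if value in ("", "null"):
        return []
    pairs = (entry.partition("/") for entry in value.split(":"))
    return [(pkg, cls) for pkg, _, cls in pairs if pkg]

def parse_installers(pm_output):
    """Map package name -> installer from 'package:NAME  installer=SRC' lines."""
    installers = {}
    for line in pm_output.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        name = fields[0][len("package:"):]
        source = [f[len("installer="):] for f in fields[1:] if f.startswith("installer=")]
        installers[name] = source[0] if source else "null"
    return installers

def audit(setting_value, pm_output, allowlist):
    """Return (package, class, verdict) for each enabled accessibility service."""
    installers = parse_installers(pm_output)
    findings = []
    for pkg, cls in parse_services(setting_value):
        if pkg in allowlist:
            verdict = "expected"
        elif installers.get(pkg, "null") != PLAY_INSTALLER:
            verdict = "review: not installed from Google Play"
        else:
            verdict = "review: not on allowlist"
        findings.append((pkg, cls, verdict))
    return findings

# Constructed sample data; the com.example.* names are hypothetical.
SAMPLE_SETTING = ("com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService"
                  ":com.example.optimizer/com.example.optimizer.StatsService"
                  ":com.example.reader/com.example.reader.ReadAloudService\n")
SAMPLE_PM = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.optimizer  installer=null
package:com.example.reader  installer=com.android.vending
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_SETTING, SAMPLE_PM, {"com.google.android.marvin.talkback"}):
        print(*finding, sep="  ")
```

Services from Play-installed apps are still flagged when they are not on the allowlist, since ESET reports that similar Trojans were found on the Google Play Store.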