The Android malware can steal funds in under 5 seconds
#1
https://news.softpedia.com/news/eset-une...pd_related     ESET Unearths Android Trojan That Steals Funds from 2FA-Secured PayPal Accounts

The Android malware can steal funds in under 5 seconds   
Dec 11, 2018 19:58 GMT  ·  By Sergiu Gatlan ·                   
Android malware

An Android Trojan capable of using a malicious Accessibility service to steal funds from two-factor authentication protected PayPal accounts was discovered by ESET's security researchers embedded in a battery optimization app distributed outside the Google Play store.

As detailed in ESET's analysis, the Android malware also uses phishing overlays displayed over legitimate banking and messaging apps to steal credit card info and login credentials.

Moreover, to siphon money out of the PayPal wallets of users that installed the fake battery optimization tool, the Trojan asks the victim to activate a malicious Accessibility service.

The just-enabled "Enable statistics" Android service will ask the target to launch the PayPal app and, after a successful login, it will automatically start clicking around the PayPal app, transferring money to its masters' accounts.

The Trojan waits for users to log into PayPal before stealing their money
What is impressive in this novel attack is that the bad actors behind this Android Trojan have figured out that stealing two-factor authentication (2FA) codes is too time-consuming and requires too much effort and instead will just wait for their victims to log in and swoop right in for a taste of the money.

Furthermore, this Trojan is especially menacing given that the malicious Android service will be launched automatically every time the PayPal app is opened, potentially leading to vast amounts of money being stolen if enough funds are available in the account.
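The attack above hinges on the victim enabling an accessibility service for a sideloaded app. One check a defender or device administrator can run is to list which accessibility services are actually enabled and flag any that are not expected. The script below is an added example, not code from the article or from ESET; it assumes the input is the raw value of the Android Secure setting `enabled_accessibility_services` (as printed by `adb shell settings get secure enabled_accessibility_services`), which is a colon-separated list of `package/ServiceClass` components, and the allowlist, the sample value and the `com.example.fakebattery` package are constructed for illustration.

```python
"""Audit which Android accessibility services are enabled on a device.

Added example, not part of the original article or ESET's report.
Assumptions: the input string is the value of the Secure setting
`enabled_accessibility_services` as returned by
`adb shell settings get secure enabled_accessibility_services`. Android
stores it as a colon-separated list of `package/ServiceClass` components
and returns the literal string "null" when nothing is enabled.
"""
from __future__ import annotations

# Constructed allowlist: accessibility services an organisation expects on
# its managed devices. TalkBack's real package is listed as an illustration;
# the second entry is a hypothetical in-house screen reader.
ALLOWLIST = {
    "com.google.android.marvin.talkback",
    "com.example.corp.screenreader",
}


def parse_enabled_services(raw: str) -> list[tuple[str, str]]:
    """Split the setting value into (package, fully qualified class) pairs."""
    raw = raw.strip()
    if not raw or raw == "null":
        return []
    pairs: list[tuple[str, str]] = []
    for component in raw.split(":"):
        component = component.strip()
        if not component:
            continue
        pkg, _, cls = component.partition("/")
        # Android abbreviates "pkg/pkg.Class" as "pkg/.Class"; expand it so
        # every entry is reported in the same fully qualified form.
        if cls.startswith("."):
            cls = pkg + cls
        pairs.append((pkg, cls))
    return pairs


def find_unexpected_services(raw: str, allowlist: set[str] = ALLOWLIST) -> list[str]:
    """Return the enabled components whose package is not on the allowlist."""
    return [
        f"{pkg}/{cls}"
        for pkg, cls in parse_enabled_services(raw)
        if pkg not in allowlist
    ]


# Constructed sample of the setting on a device where a sideloaded "battery
# optimizer" (hypothetical package com.example.fakebattery) has talked the
# user into enabling its accessibility service alongside TalkBack.
SAMPLE = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.example.fakebattery/.StatisticsService"
)

if __name__ == "__main__":
    for comp in find_unexpected_services(SAMPLE):
        print("unexpected accessibility service enabled:", comp)
```

On a real device the same setting can be pulled over `adb` and fed to `find_unexpected_services`; any hit names the exact package to investigate, and the companion setting `accessibility_enabled` (`adb shell settings get secure accessibility_enabled`) shows whether the accessibility framework is switched on at all.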

Phishing overlays are the second, less dangerous yet just as effective, method used by this Trojan to take advantage of its victims' decision to install it on their Android devices.

The malware will display HTML-based overlays over Google Play, WhatsApp, Skype, Viber, and Gmail, as well as over some legitimate banking apps to capture and exfiltrate login credentials.

The overlays used to steal login credentials cannot be dismissed without filling in the login forms
Because the overlays used by the malware are displayed in the lock foreground screen, its victims have to fill out the login forms to get rid of them. Fortunately, as ESET states, "even random, invalid inputs make these screens disappear."

Besides the PayPal looting and credential plundering abilities, the Android Trojan analyzed by ESET is also capable of interfering in the SMS delivery process, exfiltrating contacts and installed app lists, making and forwarding calls, installing and launching apps, and starting communication sockets.

Apps with similar behavior were also found in the Google Play store, camouflaged as location tracking tools and using Accessibility services to steal funds from Brazilian banks.

ESET previously discovered a similar Android Trojan capable of using overlays to steal banking credentials in the official Google Play store, also with the help of Android's accessibility services even when SMS two-factor authentication was enabled.