Sneaky Android Malware Drains Users' PayPal Accounts Even With 2FA Enabled

by Brandon Hill — Tuesday, December 11, 2018, 02:45 PM EDT

Android malware authors are always out looking to make a buck, and it looks as though one particular outfit has struck gold. Researchers from ESET have come across a malicious app called Optimization Android that presents itself as a battery conditioning tool.

androidoptimizer — **Image Source: ESET**

However, the app doesn't actually provide any power optimizations at all. Instead, it simply immediately shuts down when it's opened. However, in the background it is waiting to perform its dastardly deeds. When first installed, the app asks the user for permission to access Android Accessibility services, which is later cleverly used to infiltrate the PayPal payment service.

Here's how it works: the Android Accessibility permission allows the malicious app to monitor screen taps without the user noticing. So, Optimization Android lays in wait until the user opens the official PayPal app. Once PayPal is opened, the malicious app springs into action once the user enters his or her login credentials (along with their two-factor authentication code). Once this has been completed, the malicious app within 5 seconds uses these credentials to send funds from your account to the attacker's PayPal address.

In testing, the app attempted to steal 1,000 euros (although the currency depends on your given location). ESET writes:

Because the malware does not rely on stealing PayPal login credentials and instead waits for users to log into the official PayPal app themselves, it also bypasses PayPal’s two-factor authentication (2FA). Users with 2FA enabled simply complete one extra step as part of logging in, – as they normally would – but end up being just as vulnerable to this Trojan’s attack as those not using 2FA.

ESET adds that the attack will be successful as long as there are sufficient funds in your PayPal balance, or if you have a credit card attached to your account. As if all of the above wasn't enough, the malicious app can also obtain your contacts, make/forward calls and even intercept/delete SMS messages (among other things).

If there's any consolation to the discovery of Optimization Android, it's that thisspecific instance for now has only been found lurking within third-party app store and not the official Google Play Store. However, ESET notes that apps with similar functionality have been discovered in the Play Store.

Tags: Android, Malware, optimization android

Brandon Hill

Brandon received his first PC, an IBM Aptiva 310, in 1994 and hasn’t looked back since. He cut his teeth on computer building/repair working at a mom and pop computer shop as a plucky teen in the mid 90s and went on to join AnandTech as the Senior News Editor in 1999. Brandon would later help to form DailyTech where he served as Editor-in-Chief from 2008 until 2014. Brandon is a tech geek at heart, and family members always know where to turn when they need free tech support. When he isn’t writing about the tech hardware or studying up on the latest in mobile gadgets, you’ll find him browsing forums that cater to his long-running passion: automobiles.

Opinions and content posted by HotHardware contributors are their own.