New research discovered malware in the Google Play Store that specifically targets Android users for no less than $1,000 dollars through PayPal. The malware hides in Android’s battery optimization tool, third-party app stores, along with the apps distributing it on the Play Store. After the malware begins, the app quits before any function is performed. It cautiously begins playing out its pernicious exercises while staying covered up. There are two capacities that the application performs. In the first place, it takes cash from PayPal records of its targets which it needs for accessibility. It does this by showing a demand to Enable Statistics to the victim. If the PayPal app is currently downloaded on the targeted device, the malware prompts the client with a notice to open it. When the app is opened and the victims logs in, the compromised accessibility service confuses the victim into sending money to the criminal’s PayPal. This whole procedure is done inside ten seconds and inside such a brief period, it ends up inconceivable for the victim to identify anything out of the ordinary. In the second function an HTML-based phishing screen is used on five different authentic applications including WhatsApp, Google Play, Gmail, Viber, and Skype. On the screens, the client is invited to enter the charge card number. The screen can also be modified to look like a bank app to help the attacker steal banking information. Since being discovered, the app has been taken off the Play Store but that does not mean it can’t be modified and come back in a different form.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased