An Android Malware's Robbing PayPal Accounts!



Security researchers have advised the Android users to keep a check on their PayPal accounts as quite recently, an Android malware has emerged which could easily dodge the security authentication of the application.

Not of late, a case got reported wherein a 1,000 pounds attempt at pilfering the victim’s PayPal account was made.

The attacking cyber-con enters the victim’s PayPal account on their own and easily penetrates the application’s Two-Factor-Authentication (2FA). There’s no role of harvesting login credentials.
 
The users, who have and haven’t activated their Two-Factor-Authentication, are susceptible to this attack alike.

The malware which is reportedly being distributed by a third party, primarily, has the Android’s PayPal app on its radar. Other malware with the same disposition have also been dug out.

By manipulating Android’s Accessibility Services is how the cyber-con behind it all, targets its aim on PayPal.

A researching organization got its hands on the malware which is distributed on third-party app stores and was concealed behind the veil of a battery optimization tool which goes by the name of “Optimization Android”.
Google Play Store has been a part of hearsay because of other malware that have been found on it which possess a similar flair for targeting banking apps.

The aforementioned malware’s key operation is to pilfer money from its target’s PayPal account by initiating a malicious service into the victim’s system.

And to activate this service a request is sent to the victim by the so called bland “Enable Statistics Service”.

If on a vulnerable device the official PayPal is downloaded, the malware would flash a notification to launch it.

The attacker need only wait for the user to log into the app. Once that happens, the “Accessibility Service” would start to impersonate the user’s click and will transfer the money from the victim’s account to the PayPal Address of the cyber-con.

According to the researchers, the attack doesn’t take more than seconds to fall through and in no practical reality can a user stop it in time.


The kind of currency that gets transferred hinges on the victim’s location. The work’s done within a short duration of 5 seconds.
 
The only loophole for the attackers and the only chance at the users’ safety is the kind of balance the victim has. That is, if there is less balance in the account than what the attacker has asked for and no payment cards attached to the account.

Every time the official PayPal application is launched onto the system, the improper “Accessibility Service” gets activated, making the device vulnerable to numerous more attacks.

PayPal has been officially contacted and informed about the erroneous makeup of the application and the risk the users entail.

Five other applications with an analogous disposition to the Optimization Android have been exposed in recent times, on the Google App store.

Rumor has it, that the users with this app already on their ‘downloaded apps’ list have potentially by now entered the trap and fallen prey to the attack.

A few users in Brazil have also come across this unfortunate attack.


Remedies And Advice From The Researchers
·         Keep on checking the application for any fishy transactions. If found, contact the PayPal Resolution Center and report the issue.
·         Keep track of the PayPal account balance.
·         It would really help to change the internet banking and connected e-mail passwords.
·         Try using “Android’s Safe Mode” and try uninstalling the app with the name, “Optimization Android”.
·         Keep your devices updated.
·         Keep a check on what permissions you grant to the application so downloaded.
·         Only use the official Google Play Store App to download other applications.



Android Malware Steals 1,000 Euros In Around 5 Seconds Via PayPal



Another malware discovered in November masked as a battery enhancement application—called Android Optimization is as of late been brought into highlight to have been customized in such a way so as to send 1,000 euros to cyberthieves by means of PayPal in around 5 seconds and all this without the user being able to stop it.

The malware is being circulated by third party applications therefore making it unavailable in the official Google Play Store.

The malware is depicted as one to sagaciously exploit Google's Accessibility Services, intended to assist individuals with disabilities, to trick users into giving the hackers some control of the phone.

After the malware approaches the user for authorization to "Enable Statistics "in the wake of being installed this empowers the cybercriminals to take control of the phone remotely when the user opens certain applications, for the most part some being: PayPal, Google Play, WhatsApp, Skype, Viber, Gmail, and some other banking applications.

ESET researchers found that the malware can demonstrate users overlay phishing pages made to look like legitimate banking applications, or other well-known applications, such as, Gmail, WhatsApp, Skype and Viber, approaching the users for credit card certifications.

 “The whole process takes about 5 seconds, and for an unsuspecting user, there is no feasible way to intervene in time. The attackers fail only if the user has insufficient PayPal balance and no payment card connected to the account. The malicious Accessibility service is activated every time the PayPal app is launched, meaning the attack could take place multiple times.” wrote ESET researcher Lukas Stefanenko in a blog post.

A video by ESET showing how the malware works





Microsoft, Netflix and PayPal Emerge As the Top Targets for Phishing Attacks



Email security provider Vade Secure released another phishing report following the 25 most 'spoofed' brands in North America that are imitated in phishing attacks. Amongst them the top three are Microsoft, Netflix and PayPal.

Out of all the 86 brands that were tracked, 96% of them all were done so by the company as per their Q3 2018 report.

Bank of America and Wells Fargo are not so far behind Microsoft and the other top 2 targets in this case as there has been an increase in these phishing attacks by approximately 20.4% as reported by Vade Secure. As the attackers attempt to access Office 365, One Drive, and Azure credentials their focus has been towards cloud based services as well as financial companies.



Vade Secure's report states - "The primary goal of Microsoft phishing attacks is to harvest Office 365 credentials. With a single set of credentials, hackers can gain access to a treasure trove of confidential files, data, and contacts stored in Office 365 apps, such as SharePoint, One Drive, Skype, Excel, CRM, etc. Moreover, hackers can use these compromised Office 365 accounts to launch additional attacks, including spear phishing, malware, and, increasingly, insider attacks targeting other users within the same organization."

The attackers, through a feeling of urgency endeavor to show that the recipient's account has been suspended or so thus inciting them to login in order to determine the issue, this happens in the case of Office 365 phishing emails. By doing this though they expect for the victims to be less wary when entering their credentials.

Exceptionally compelling is that attackers have a tendency to pursue a pattern with respect to what days they send the most volume of phishing mails. As per the report, most business related attacks tend to happen amid the week with Tuesday and Thursday being the most popular days. For Netflix though, the most focused on days are Sunday because that is the time when users' are taking a backseat and indulge in some quality television.

As these attacks become more targeted Vade Secure’s report further states – "What should be more concerning to security professionals is that phishing attacks are becoming more targeted. When we correlated the number of phishing URLs against the number of phishing emails blocked by our filter engine, we found that the number of emails sent per URL dropped more than 64% in Q3. This suggests that hackers are using each URL in fewer emails in order to avoid by reputation-based security defenses. In fact, we’ve seen sophisticated phishing attacks where each email contains a unique URL, essentially guaranteeing that they will bypass traditional email security tools."

For the users' however , it is advised to dependably examine a site before entering any login details and if there are any occurrences of the URL seeming abnormal or even something as minor as a language blunders then they should report the issue directly to either the administrator or the company itself.