To prevent attackers from reaching your bank accounts via a mobile number, use the "receive SMS online" service to confirm registrations on unfamiliar sites.
This is how the malware works, according to ESET. When the user starts the application, it appears to crash immediately. In fact, it is still running in the background. A fake Android security prompt then appears, asking the user to enable what looks like a legitimate statistics service. In reality, the user is granting access to a function that allows the malicious program to do its dirty work.
If the malware finds the PayPal application installed on the victim’s phone, it takes the attack to a new level. A warning appears prompting the user to log into PayPal. Once the user has logged in, the malware uses the accessibility service to simulate user input in the PayPal application. These invisible actions try to send money to the attacker's own PayPal accounts.
Two-factor authentication cannot protect PayPal victims from this particular attack, because entering the code is part of the sign-in process they are used to. If the user believed the fake notification, punching in the 2FA code will seem like a completely normal thing to do, especially if it is done right in the PayPal application.
According to ESET researchers, the malware tried to transfer a whopping 1,000 euros. The amount and currency are adjusted depending on the victim's location. If the PayPal balance is too low and no funding source is linked to the user's account, the attack fails.
The trojan does not stop there. It has other tricks up its sleeve.
ESET noted that the malware also carries out so-called overlay attacks. This is a form of phishing that attempts to trick users into entering payment card information on a screen that appears to belong to a legitimate application. This particular trojan impersonates Gmail, Skype, WhatsApp, Viber and several banking applications.
There have already been many similar malicious programs for Android, and most users do not need to worry about infection. ESET detected the trojan only in third-party app stores. Stick to Google Play for your apps and games and you won’t fall for it.
Similarly, such trojans can take control of other popular electronic money systems, such as WebMoney, Yandex.Money and others.