Dodgy Android app steals £1,000 from user’s PayPal account in SECONDS

A DANGEROUS scam app that can steal thousands of pounds from your PayPal account has been exposed.

Security researchers are now warning Android phone owners about the dodgy app – and urging users to uninstall it immediately.

The app is called Optimization Android, and plays a clever trick to nick your money.

Experts at cybersecurity firm ESET said the app “masquerades as a battery optimisation tool”, which is designed to improve your battery life.

But in reality it’s a scam app that’s designed simply to steal your PayPal funds.

“After being launched, the malicious app terminates without offering any functionality and hides its icon,” said ESET’s Lukas Stefanko.

You’re then asked to “Enable statistics”, which seems like a fairly innocent request – but it’s far from it.

If you have the official PayPal app installed, you’ll receive a notification alert prompting you to launch the app.

Users then launch the PayPal app and log in.

Next, the malicious accessibility service (which the user enabled earlier) “steps in and mimics the user’s clicks”.

This allows the dodgy app to send money to the attacker’s PayPal address in a matter of seconds.

“During our analysis, the app attempted to transfer 1,000 euros, however, the currency used depends on the user’s location,” Stefanko explained.

“The whole process takes about five seconds, and for an unsuspecting user, there is no feasible way to intervene in time.”

This scam app is particularly impressive because it doesn’t actually have to hack into your account.

Instead, you log in yourself – giving hackers a chance to steal your funds.

This circumvents any additional security measures you had on your account.

“Because the malware does not rely on stealing PayPal login credentials and instead waits for users to log into the official PayPal app themselves, it also bypasses PayPal’s two-factor authentication (2FA),” said Stefanko.

“Users with 2FA enabled simply complete one extra step as part of logging in – as they normally would – but end up being just as vulnerable to this Trojan’s attack as those not using 2FA.”

Fortunately for the security researchers, the attack on their device failed because the PayPal account had no funds.

But it’s possible for this scam to affect someone multiple times over, potentially costing a victim thousands of pounds.

The best advice is to delete the app from your phone, and always be wary of installing apps from places other than the official Google Play Store.

And even if you download Google Play Store apps, it’s worth checking the reviews and doing a Google search to see if there are any security concerns around the app you’re using.

We’ve asked PayPal for comment and will update this story with any response.

This week we exposed 22 scam apps that drain your phone’s battery life.

In November, The Sun reported on dangerous apps that could steal your bank info and send fake texts.

And that same month, we shed light on 35 fake security apps in the Google Play Store.

Have you spotted any smartphone scams recently? If so, let us know in the comments!

We pay for your stories! Do you have a story for The Sun Online news team? Email us at [email protected] or call 0207 782 4368 . We pay for videos too. Click here to upload yours.