A DANGEROUS scam app that can steal thousands of pounds from your PayPal account has been exposed.
Security researchers are now warning Android phone owners about the dodgy app – and urging users to uninstall it immediately.
The app is called Optimization Android, and plays a clever trick to nick your money.
Experts at cybersecurity firm ESET said the app “masquerades as a battery optimisation tool”, which is designed to improve your battery life.
But in reality it’s a scam app that’s designed simply to steal your PayPal funds.
“After being launched, the malicious app terminates without offering any functionality and hides its icon,” said ESET’s Lukas Stefanko.
You’re then asked to “Enable statistics”, which seems like a fairly innocent request – but it’s far from it.
If you have the official PayPal app installed, you’ll receive a notification alert prompting you to launch the app.
Users then launch the PayPal app and log in.
Next, the malicious accessibility service (which the user enabled earlier) “steps in and mimics the user’s clicks”.
This allows the dodgy app to send money to the attacker’s PayPal address in a matter of seconds.
“During our analysis, the app attempted to transfer 1,000 euros, however, the currency used depends on the user’s location,” Stefanko explained.
“The whole process takes about five seconds, and for an unsuspecting user, there is no feasible way to intervene in time.”
This scam app is particularly impressive because it doesn’t actually have to hack into your account.
Instead, you log in yourself – giving hackers a chance to steal your funds.
This circumvents any additional security measures you had on your account.
“Because the malware does not rely on stealing PayPal login credentials and instead waits for users to log into the official PayPal app themselves, it also bypasses PayPal’s two-factor authentication (2FA),” said Stefanko.
“Users with 2FA enabled simply complete one extra step as part of logging in – as they normally would – but end up being just as vulnerable to this Trojan’s attack as those not using 2FA.”
Fortunately for the security researchers, the attack on their device failed because the PayPal account had no funds.
But it’s possible for this scam to affect someone multiple times over, potentially costing a victim thousands of pounds.
The best advice is to delete the app from your phone, and always be wary of installing apps from places other than the official Google Play Store.
And even if you download Google Play Store apps, it’s worth checking the reviews and doing a Google search to see if there are any security concerns around the app you’re using.
We’ve asked PayPal for comment and will update this story with any response.
Woman claims she has PROOF Facebook is spying on conversations
Supercolony of 1.5million penguins hidden for 3,000 years exposed by their POO
OUT OF JUICE
Delete THESE 22 dodgy apps to save your phone’s battery life
When will Geminids Meteor Shower appear in the UK & where’s best place to see them?
How Taylor Swift uses face-scanner on obsessed fans to spot ‘STALKERS’ at concert
SANTA’S SMART HOME
Amazon launches SURPRISE ‘festive sale’ and knocks up to £65 off gadgets
This week we exposed 22 scam apps that drain your phone’s battery life.
In November, The Sun reported on dangerous apps that could steal your bank info and send fake texts.
And that same month, we shed light on 35 fake security apps in the Google Play Store.
Have you spotted any smartphone scams recently? If so, let us know in the comments!
- The best Android apps (July 2020)
- Best Android Apps for Your Chromebook 2020
- The best Android apps and games of the week: Spider-Man Unlimited and more
- Delete these 25 Android apps and change your Facebook password NOW – you may have been hacked
- These 24 Android apps are really good for your new tablet
- First look: Google TV gets Honeycomb, Android apps
Dodgy Android app steals £1,000 from user’s PayPal account in SECONDS have 699 words, post on www.thesun.co.uk at December 13, 2018. This is cached page on Talk Vietnam. If you want remove this page, please contact us.