A limited number of versions of an app called “Optimization Battery” contain a Trojan designed to steal money from PayPal accounts, including those that are protected by two-factor authentication.
The new threat was discovered by researchers at ESET. An in-depth analysis of the code reveals it to be a well-engineered threat that should be considered extremely dangerous.
It works by abusing the “Accessibility” service to mimic screen taps. In this way, the malware can initiate a new PayPal transfer, enter the information of an account controlled by the hacker as the recipient, and enter the sum to be transferred. This all happens in the space of about five seconds, which doesn’t give the victim sufficient time to interrupt the transfer.
Even worse, it’s set to activate and initiate a transfer every time the victim logs into PayPal, so the victim has just enough time to see that funds are available, only to watch in horror as they are immediately bled out of the account, right before their eyes.
It all happens so quickly that many users first think it’s a glitch. They may suffer two, three, or more attacks before they realize that something nefarious is afoot.
If there’s a silver lining to be found, it is the fact that the poisoned version of Optimization Battery is only available on third-party vendor websites. It is not present on the Google Play Store. The best defense, then, is to simply limit your app downloads to the Google Play Store in order to minimize your risk.
The bottom line is, if you have an Android device, use PayPal, and have installed the Optimization Battery app, keep a close watch on your PayPal balances. Someone may be robbing you blind.
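The two technical points above, Accessibility abuse and distribution outside the Google Play Store, can be combined into a device check. The following is an added example, not code from ESET or the original article: it uses adb to list enabled accessibility services that belong to user-installed apps the Play Store did not install. It assumes adb is on the PATH and USB debugging is enabled, and the package names in the sample data are constructed.

```python
import subprocess

PLAY_STORE = "com.android.vending"  # installer name recorded for Play Store installs

# Constructed sample outputs (hypothetical package names, not from the article).
SAMPLE_SETTINGS = ("com.google.android.marvin.talkback/.TalkBackService:"
                   "com.example.batteryopt/.OptService:"
                   "com.example.reader/com.example.reader.ReadAloud\n")
SAMPLE_PM = ("package:com.example.batteryopt  installer=null\n"
             "package:com.example.reader  installer=com.android.vending\n"
             "package:com.example.game  installer=null\n")

def parse_enabled_services(settings_output):
    """Split the colon-separated package/class list from the settings key."""
    text = settings_output.strip()
    if not text or text == "null":  # key unset: no accessibility service enabled
        return []
    return [tuple(c.split("/", 1)) for c in text.split(":") if "/" in c]

def parse_installers(pm_output):
    """Map package -> installer from 'package:<name>  installer=<name>' lines."""
    installers = {}
    for line in pm_output.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        extra = dict(f.split("=", 1) for f in fields[1:] if "=" in f)
        installers[fields[0][len("package:"):]] = extra.get("installer", "null")
    return installers

def flag_sideloaded_services(settings_output, pm_output):
    """Return (package, class, installer) for enabled accessibility services
    that belong to a user-installed app not installed by the Play Store."""
    installers = parse_installers(pm_output)  # -3 output: user-installed apps only
    return [(pkg, cls, installers[pkg])
            for pkg, cls in parse_enabled_services(settings_output)
            if pkg in installers and installers[pkg] != PLAY_STORE]

def adb_shell(*args):
    """Run a command on the attached device (assumes adb is on PATH)."""
    return subprocess.run(["adb", "shell", *args], capture_output=True,
                          text=True, check=True).stdout

if __name__ == "__main__":
    hits = flag_sideloaded_services(
        adb_shell("settings", "get", "secure", "enabled_accessibility_services"),
        adb_shell("pm", "list", "packages", "-3", "-i"))
    for pkg, cls, installer in hits:
        print(f"review: {pkg}/{cls} installer={installer}")
```

A hit is a prompt for review rather than proof of infection, since legitimate sideloaded apps can also hold the Accessibility permission.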