Android Trojan steals money from victims’ PayPal account

From helpnetsecurity.com

ESET researchers have unearthed a new Android Trojan that tricks users into logging into PayPal, then takes over and mimics the user’s clicks to send money to the attacker’s PayPal address.

The heist won’t go unnoticed by the victim if they are looking at the phone screen, but they will also be unable to do anything to stop the transaction from being executed as it all happens in a matter of seconds.

The only thing that will prevent the theft is if the user has insufficient PayPal balance and no payment card connected to the account (as shown in this demo video):

Read more…