11 December 18, 17:55
Quote:A new Android trojan hidden inside a battery optimization app can steal money from users' PayPal accounts, ESET has revealed today, even from those protected by two-factor authentication.
Fortunately, the malicious app, named Optimization Battery, is currently available through third-party app stores only, and not through the official Play Store, meaning very few people have had phones infected by this threat until now.
Despite this, this app should be considered incredibly dangerous. The reasons is that it features an automated system that initiates PayPal money transfers right from under the user's nose, without giving the victim a chance to stop the illicit transaction.
This happens because during installation, the app requests access to the Android "Accessibility" permission, a very dangerous feature that allows an app to automate screen taps and OS interactions.
Full Report: https://www.welivesecurity.com/2018/12/1...ounts-2fa/
Source: https://www.zdnet.com/article/android-ma...-helpless/