What happens when you combine a remotely controlled banking Trojan with an abuse of Android Accessibility services? According to new research from ESET, you get an Android Trojan that steals money from PayPal accounts, even with 2FA on.
The attack against the PayPal app highlights the vulnerabilities of installing apps from unknown sources and demonstrates how easily an overlay attack can hijack a strong application. You should avoid installing apps from third-party app stores to remain safe from malware attacks. Also, exercise great caution before providing any app with access.
3877 N 7th Street | Suite 320 | Phoenix | Arizona | 85014