If you are one of those active users of PayPal, this could be alarming for you. There’s a new trojan virus on the prowl now. And it plans to take all your money away from you through the Paypal app. Let us sit back and look at this digital nuisance a bit more clearly.
The most important thing about computer viruses, especially trojans, are their disguises. They may be coming across as a utility app which doesn’t execute itself upon execution, an insignificant app asking for a lot of permissions, etc. In this case, the trojan disguises itself as a battery optimising tool. You can check the image of the malware app in the photo below.
It is available for download via third-party app stores. Once it is in fact installed in your device, the app terminates itself before execution and hides its icon. It is then that the malware gets down to business.
Hacking Paypal Accounts
Now that the installation of the malware into the device is completed, it is now time for it to act up. But no malware can act up unless we allow it to. Yes, you heard that right. All the malware gets the kind of dangerous access that they want because of us allowing them to do so through permissions. In this case, the permission would come across to “Enable Statistics”. May sound really harmless but is indeed very dangerous.
Once it has the permission that it needs, it prompts the user to use the official Paypal on the phone, provided that it is installed. Once the user logs in, the trojan virus gets in too. It then sends funds to the owner of the virus through a series of clicks, all within 5 seconds. It is just not possible to take evasive action during that time. What’s more is that the attack happens everytime you open your account through your Paypal app. Hence, there is a huge possibility of multiple attacks.
The 2FA bypass
Since the virus doesn’t actually collect your login credentials but waits for you to log in on your own, it bypasses the two-factor authentication (2FA) as well. According to Securenvoy, the two-factor authentication “adds another layer of security, supplementing the username and password model with a code that only a specific user has access to“. By way of protecting, the two-factor authentication just makes the user go through an extra step before logging in. With regards to viruses like the one discussed above, it is not going to be that helpful.
Are we really safe with 2FA?
For viruses like the ones mentioned above, they will only stop if the Paypal account has insufficient balance or doesn’t have a card connected to it. But this begs the question. For apps handling something as important as our money, is 2FA really safe? There have been various articles which point out the flaws in the technology and methods to override and bypass them.
Hence, the apps, especially the ones tasked with handling our money, need to figure out more secure ways to go about their business. In a world dominated by privacy, security goes a long way in enforcing brand value. Hence, the more secure an app is, the more successful it is going to be.