Double Check Before Installing this Fake PayPal App sent via Email

Wednesday, October 7, 2015

A Fake PayPal App is being sent to Android users in Germany

Fake PayPal App on Android device
German Android users are tricked by a well -drafted and convincing email which pretends to be an official email from PayPal app. The email requests the recipient to download a fake PayPal app update. The email, coming from Vietnam, Ukraine, Russia and India, was traced by our researchers. The downloading of the update leads to a Malware which requires Device Administrator privileges and some permissions like Change screen-lock password, lock the screen etc. The most surprising fact here is despite not granting Administrator privilege, the Malware was found to be running in the background, which makes it easy to track phone activity, i.e. track which app is running. The unique feature of this Banking Trojan is that it detects the legitimate PayPal app and puts up a fake UI on top of the real one once the app starts running. It effectively hijacks the PayPal session of the victim and steals his/her credentials.

The installed app uses Paypal icon. No Wonder.

(According to a recent eScan research)

5 Tips to safeguard yourself from Malware on Google Play:

  1. Use a trustworthy antivirus on your Android phone and update it regularly.
  2. Always download apps only from their official website or Google Play Store, after checking or verifying.
  3. Download applications of a reliable app developer. In addition to it, check the user ratings, reviews of the app.
  4. It is always a good practice to read the permissions of the app, which is going to be installed for security.
  5. Whenever Something arrives via email make sure who the sender is. For instance if PayPal will send you an email, the email address will surely have in it. Double check the spelling and the TLD (.com, .biz etc.). PayPal uses .com

Open emails only if you are positive about the source.


  © Tech24Hours 2001-2015

Back to TOP