Skip to main content

New Android Malware Can Drain Your PayPal Account 

By December 31, 2018June 2nd, 2022Cybersecurity

Do you own an Android device?  Are you a PayPal user?  If you answered yes to both of those questions, you have something new to worry about.

A limited number of versions of an app called “Optimization Battery” contains a Trojan designed to steal money from PayPal accounts, including those that are protected by two-factor authentication.

The new threat was discovered by researchers at ESET.  An in-depth analysis of the code reveals it to be a well-engineered threat that should be considered extremely dangerous.

It works by abusing the “Accessibility” service to mimic screen taps.  In this way, the malware can initiate a new PayPal transfer, enter the information of an account controlled by the hacker as the recipient, and enter in the sum to be transferred. This all happens in the space of about five seconds, which doesn’t give the victim sufficient time to interrupt the transfer.

Even worse, it’s set to activate and initiate a transfer every time the victim logs into PayPal, so the victim has just enough time to see that funds are available, only to watch in horror as they are immediately bled out of the account, right before their eyes.

It all happens so quickly that many users first think it’s a glitch.  They may suffer two, three, or more attacks before they realize that something nefarious is afoot.

If there’s a silver lining to be found, it is the fact that the poisoned version of Optimization Battery is only available on third-party vendor websites.  It is not present on the Google Play Store.  The best defense then, is to simply limit your app downloads to the Google Play Store in order to minimize your risk.

The bottom line is, if you have an Android device, use PayPal, and have installed the Optimization Battery app, keep a close watch on your PayPal balances.  Someone may be robbing you blind.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.