Spammers are targeting users with fake PayPal app update email which comes with an embedded link of an android app which actually is an Android Banking malware.
Recently, an email circulation has been let loose by hackers. This email looks quite official in design and content, asking the recipient to update their Android PayPal app.
The email sends by hackers looks quite official in design and content, they are asking users to update their Android App of PayPal.
If the users click on given link in email, a download is started which pretends to be a PayPal app for Android which actually is banking trojan that has been detected by Trend Micro as Android_OS_Marchcaban.HBT.
Trend Micro says in a post that the language used in the email suggests that people living in Germany are their main target. It also reports that this email has been sent over 14,000 times in variations.
After a user installs this application, a request to act as system administrator appears on the screen along with a request relating to other privileges.
“Once the malware detects the real PayPal app is running, it will put up a fake UI on top of the real one, effectively hijacking the session and stealing the user’s PayPal credentials,” the post said. Furthermore, it has been said that this code is also employed to target various banking-related apps like Commerzbank.
Once the user installs the update, the malware checks for the original PayPal app, if detected the malware puts its own User Interface as a layer and steals the login credentials when users types.