Do you own an Android device? 

Are you a PayPal user?  If you answered yes to both of those questions, you have something new to worry about.

A limited number of versions of an app called "Optimization Battery" contain a Trojan designed to steal money from PayPal accounts, including those that are protected by two-factor authentication.

The new threat was discovered by researchers at ESET.  An in-depth analysis of the code reveals it to be a well-engineered threat that should be considered extremely dangerous.

It can imitate a user

It works by abusing the "Accessibility" service to mimic screen taps.  In this way, the malware can initiate a new PayPal transfer, enter the details of an account controlled by the hacker as the recipient, and enter the sum to be transferred. This all happens in the space of about five seconds, which doesn't give the victim sufficient time to interrupt the transfer.

Even worse, it's set to activate and initiate a transfer every time the victim logs into PayPal, so the victim has just enough time to see that funds are available, only to watch in horror as they are immediately bled out of the account, right before their eyes.

It all happens so quickly that many users first think it's a glitch.  They may suffer two, three, or more attacks before they realize that something nefarious is afoot.

If there's a silver lining to be found, it is the fact that the poisoned version of Optimization Battery is only available on third-party vendor websites.  It is not present on the Google Play Store.  The best defense then is to simply limit your app downloads to the Google Play Store in order to minimize your risk.
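
One way to check a device for the combination described above, an enabled Accessibility service that belongs to an app installed from outside the Google Play Store. This is an added example, not part of the original post or of ESET's analysis. The sample data is constructed and `com.example.batteryopt` is a placeholder package name, since the post does not give the real one.

```shell
#!/usr/bin/env bash
# Added example (not from the original post).
# Capture the two inputs from a connected device with stock commands:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i

PLAY_INSTALLER="com.android.vending"   # package name of the Google Play Store

# $1: colon-separated "package/service" list from the settings command
# $2: output of "pm list packages -i" (lines: package:<name>  installer=<name>)
# Prints "<package> <service> installer=<installer>" for every enabled
# accessibility service whose package was not installed by the Play Store.
flag_sideloaded_a11y() {
  local services="$1" pkglist="$2" entry pkg svc installer
  # The setting is empty or the literal "null" when no service is enabled.
  if [ -z "$services" ] || [ "$services" = "null" ]; then
    return 0
  fi
  printf '%s\n' "$services" | tr ':' '\n' | while IFS= read -r entry; do
    [ -n "$entry" ] || continue
    pkg="${entry%%/*}"    # text before the first "/" is the package
    svc="${entry#*/}"     # text after it is the service class
    installer="$(printf '%s\n' "$pkglist" |
      awk -v p="package:$pkg" '$1 == p { sub(/^installer=/, "", $2); print $2; exit }')"
    [ -n "$installer" ] || installer="unknown"
    if [ "$installer" != "$PLAY_INSTALLER" ]; then
      printf '%s %s installer=%s\n' "$pkg" "$svc" "$installer"
    fi
  done
}

# Constructed sample data; com.example.batteryopt is a placeholder package name.
SAMPLE_SERVICES='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.batteryopt/com.example.batteryopt.OptimizeService'
SAMPLE_PACKAGES='package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.batteryopt  installer=null
package:com.example.notes  installer=com.android.vending'

flag_sideloaded_a11y "$SAMPLE_SERVICES" "$SAMPLE_PACKAGES"
```

Apps preinstalled by the device maker can also report `installer=null`, so treat the output as a list to review rather than a verdict.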

Our perspective

The bottom line is, if you have an Android device, use PayPal, and have installed the Optimization Battery app, keep a close watch on your PayPal balances.  Someone may be robbing you blind.

The author


Denis S Wilson

I am President and Principal Consultant for DWP Information Architects, specializing in managed IT support for smaller healthcare practices, clinics, insurance companies, law firms, and construction companies in Ventura County and San Fernando Valley. I have created cost-effective IT solutions for over 20 years, specializing in cybersecurity and regulatory compliance.

I am also a published author and speaker, working extensively with organizations that include the State of California, the Federal Bureau of Investigation (FBI), the Small Business Administration (SBA), SCORE, Women's Business Centers, and Small Business Development Centers. I also provide small business technology education programs through business and professional associations.
