Spam delivers Android banking malware disguised as PayPal app

Clicking the link in the spam emails results in an Android user downloading a sneaky mobile online banking trojan.

A fairly official-looking email comes in asking the recipient to update their PayPal app, but clicking the link to do so results in the user downloading a sneaky mobile online banking trojan detected by Trend Micro as AndroidOS_Marchcaban.HBT.

Based on the language in the email, Android users in Germany are the target, a Trend Micro post said. The company noted that it has observed some variants of the email being sent more than 14,000 times.

Once installed, the malicious app requests to act as system administrator and asks for other privileges.

“Once the malware detects the real PayPal app is running, it will put up a fake UI on top of the real one, effectively hijacking the session and stealing the user's PayPal credentials,” the post said, adding that the code also targets other banking apps such as Commerzbank.
