A fairly official looking email comes in asking the recipient to update their PayPal app, but clicking the link to do so results in the user downloading a sneaky mobile online banking trojan detected by Trend Micro as AndroidOS_Marchcaban.HBT.
Based on the language in the email, Android users in Germany are the target, a Trend Micro post said. The company noted that it has observed some variants of the email being sent more than 14,000 times.
Upon installing the malicious app, it requests to act as system administrator and asks for other privileges.
“Once the malware detects the real PayPal app is running, it will put up a fake UI on top of the real one, effectively hijacking the session and stealing the user's PayPal credentials,” the post said, adding that the code also targets other banking apps such as Commerzbank.