
Spam delivers Android banking malware disguised as PayPal app

A fairly official-looking email comes in asking the recipient to update their PayPal app, but clicking the link to do so results in the user downloading a sneaky mobile online banking trojan detected by Trend Micro as AndroidOS_Marchcaban.HBT.

Based on the language in the email, Android users in Germany are the target, a Trend Micro post said. The company noted that it has observed some variants of the email being sent more than 14,000 times.

Once installed, the malicious app requests to act as system administrator and asks for other privileges.

“Once the malware detects the real PayPal app is running, it will put up a fake UI on top of the real one, effectively hijacking the session and stealing the user's PayPal credentials,” the post said, adding that the code also targets other banking apps such as Commerzbank.
