The story of infected Android apps is endless, and the possibility you’ve downloaded a malicious app instead of a useful one is not small at all.
Some malicious apps are worse than others, and such is the case with a battery optimization app that is designed to steal money from users’ PayPal accounts. Worse still, even two-factor authentication doesn’t protect you from losing your PayPal funds.
The good news is that the malicious app, Optimization Battery, is only available for download on third-party app stores, and Google Play Store seems to be unaffected by this particular case. This significantly limits the number of victims, but doesn’t make the app any less dangerous. It should be mentioned, however, that security researchers have detected similar apps lurking in the Play Store as well. More specifically, 5 such apps were detected in the official store targeting Brazilian users.
Optimization Battery Android App: Technical Overview
The app is hiding an Android Trojan inside it, and it is the Trojan that has the capabilities to initiate PayPal money transfers without the user noticing it. This is possible due to an automated system which also makes it impossible for the victimized user to stop the unwanted transaction.
How is this even possible? During the installation process, the app requests access to the Android Accessibility permission, which enables apps to automate screen taps and OS interactions. A very alarming permission, indeed. However, it should be noted that the app won’t do anything until the user opens their PayPal app. To speed this up, the Trojan may trigger notifications to push the user into opening PayPal on their device.
Once PayPal is launched, the Trojan waits for the user to log in and enter their two-factor authentication code. Only after these actions are completed does the Trojan initiate its malicious operation. This is why two-factor authentication does not help: the transfer is started from inside the session the user has already authenticated.
How much money would a victim lose to the trojanized Optimization Battery app? According to ESET researchers who detected the app, it would attempt to steal 1,000 units from the PayPal account in the corresponding currency. What is worse is that the automated transaction is designed to take place every time the user accesses their PayPal app, until the account is drained of money.
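Because the attack depends on an enabled Accessibility service in an app installed from outside Google Play, a device audit can list exactly that combination. The following is an added example, not code from ESET or the original article: it parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i`, and the package names, the sample output, and the assumed `package:<name>  installer=<name>` line format are constructed for illustration.

```python
# Added example; package names and sample output below are constructed.
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play's installer package

def parse_accessibility_services(raw):
    """Parse `settings get secure enabled_accessibility_services` output."""
    raw = raw.strip()
    if not raw or raw == "null":  # nothing enabled
        return []
    services = []
    for entry in raw.split(":"):  # entries look like package/ServiceClass
        package, _, cls = entry.partition("/")
        if package:
            services.append((package, cls))
    return services

def parse_installers(raw):
    """Parse `pm list packages -i` output into {package: installer or None}."""
    installers = {}
    for line in raw.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        fields = line[len("package:"):].split()
        if not fields:
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer="):
                value = field[len("installer="):]
                installer = None if value == "null" else value
        installers[fields[0]] = installer
    return installers

def flag_sideloaded_accessibility(services_raw, installers_raw, allowlist=()):
    """Return accessibility services whose app did not come from a trusted store."""
    installers = parse_installers(installers_raw)
    findings = []
    for package, cls in parse_accessibility_services(services_raw):
        if package in allowlist:  # e.g. a vetted preinstalled screen reader
            continue
        installer = installers.get(package)
        if installer not in TRUSTED_INSTALLERS:
            findings.append((package, cls, installer or "unknown/sideloaded"))
    return findings

# Constructed sample device output (hypothetical packages).
SAMPLE_SERVICES = ("com.example.screenreader/.ReaderService:"
                   "com.example.batteryoptimizer/com.example.batteryoptimizer.OptimizeService")
SAMPLE_INSTALLERS = ("package:com.example.screenreader  installer=com.android.vending\n"
                     "package:com.example.batteryoptimizer  installer=null\n")
```

Treat the result as a review list rather than a verdict: preinstalled apps also report no installer, and the article notes that similar Trojans were found in the Play Store itself.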