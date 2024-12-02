The malware has been customized by bad actors to send 1,000 euros to cybercriminals using PayPal in around 5 seconds and all this without the user being able to stop it. The malware is being circulated by third party applications therefore making it unavailable in the official Google Play Store.

The malware exploits Google’s Accessibility Services and is intended to assist individuals with disabilities, tricking users into giving the hackers some control of the phone. Cybercriminals take control of the phone remotely when the user opens certain applications, for the most part some being: PayPal, Google Play, WhatsApp, Skype, Viber, Gmail, and some other banking applications.

According to ESET researchers the attackers fail only if the user has insufficient PayPal balance and no payment card connected to the account. The malicious Accessibility service is activated every time the PayPal app is launched, meaning the attack could take place multiple times.