Hackers are targeting users with fake PayPal app update email which actually comes with an embedded link of an Android banking malware.
If the users click on the given link, a download is triggered. This download is a mobile online banking Trojan that has been detected by Trend Micro as AndroidOS_Marchcaban.HBT.
Trend Micro says in a post that the language used in the email suggests that people living in Germany are their main target. It also reports that this email has been sent over 14,000 times in variations.
After a user installs this application, a request to act as system administrator appears on the screen along with a request relating to other privileges.
“Once the malware detects the real PayPal app is running, it will put up a fake UI on top of the real one, effectively hijacking the session and stealing the user’s PayPal credentials,” the post said. Furthermore, it has been said that this code is also employed to target various banking-related apps like Commerzbank.
Once the user installs the so-called update, the malware checks for the original PayPal app. Once detected, the malware puts up its own UI on the top of the original PayPal app which lets the fake app steal your PayPal login data.