Android Trojan makes PayPal payment on behalf of user | bypass Android PayPal app 2fa|Code analysis
- Added 10. 12. 2018
- This new PayPal malware is an Android Trojan that can bypass the Android PayPal app's 2FA. Here is an APK code analysis. We live security.
Android malware analysis of a new mobile banking threat that misuses accessibility services to make a PayPal payment, sending $1,000 from the victim's account every time the user opens the PayPal application.
It can bypass PayPal’s two-factor authentication (2FA).
The video includes a Trojan demonstration, code analysis and mitigation.
FOLLOW: / lukasstefanko
BLOG: www.welivesecurity.com/2018/1...
Subscribe for more videos!
Hey Lukas, I am a great fan of your work and it is certainly very helpful. What kind of tools do you use to perform dynamic analysis?
Hey there, for dynamic analysis I use Burp or PacketCapturer for analyzing network traffic and Logcat for debug logs - sometimes it can disclose interesting things. In the case of dropped files, a rooted device is always helpful ;)
Recently got a 300.00 charge on my PayPal, via Samsung Pay. To some companies in Mexico. Samsung denied it, PayPal denied it, and my bank can't help because I have auto top off. So they literally robbed me. And I'm still fighting for reimbursement. Have any info on that?
Good work, thanks
Hey Lukas, why don't you make a complete Android malware analysis course? There is no such course on the market right now. A complete roadmap for Android malware analysis.
Yes pls
Where do I download the optimization android pls
Thanks, may I have the source code?
To say that this "bypasses" 2FA is fairly misleading. The exploit does not allow logging in without use of 2FA, it just waits for the user to complete it, themselves.
It is actually bypassing 2FA, however, in a new/smart way. The main idea is that it doesn't matter if you have a PIN-protected app and device, a strong PayPal password and 2FA enabled; it still makes the unwanted payment.
Lukas Stefanko bypass it by read msg and submit it for example, without user acting,
8:12 message from hacker.lol
paypol