News has broken that security researchers at Slovakia’s ESET have identified a new banking Trojan that bypasses PayPal’s two-factor authentication (2FA) to steal funds – waiting until users have fully logged in before enabling its exploit. The multifaceted malware also has a secondary function, downloading HTML-based phishing overlay screens for five apps – Google Play, WhatsApp, Skype, Viber, and Gmail – an initial list that can be dynamically updated. ESET discovered the malicious software in November.
Corin Imai, Senior Security Advisor at DomainTools:
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.