A new Android Trojan has been detected and it’s the kind that can literally cost you money. Pay attention especially if you are using PayPal! Initially described as a battery optimization tool, once downloaded and installed from third party app stores, it will terminate its process and remove its icon. However, it does so after requesting access to “Observe your actions” and “Retrieve window content”.

It scans your phone for the existence of the PayPal app, and, instead of hacking it, it stays hidden until the users themselves log in. This way it also bypasses two-factor authentication, as the user is the one logging in. Once logged in, within 5 seconds, it will send $1,000 (or Euros, or another currency depending on your location) to the hacker’s PayPal address.

It will do so several times, unless you are out of funds and there is no card attached to your PayPal account. As a secondary behavior, it will also phish for your Gmail password, and credit card numbers, by using overlay attacks. These are the kinds of screens you can’t dismiss unless you actually fill in a form. Google Play, WhatsApp, Skype, Viber, and Gmail is what the Trojan uses after downloading HTML-based overlay screens.

The Trojan can be instructed to do other malicious activities as well. These can include getting your contacts, making calls, sending texts, etc. You can find more details at the source link below, but, as a general rule of thumb, stay away from third party app stores.