New Android malware bypasses 2FA & steals one-time passwords

These apps were designed to pass as BtcTurk, a Turkish cryptocurrency exchange.

Researcher Lukas Stefanko of the Slovakian security firm ESET has discovered Android malware in new apps that can bypass SMS-based two-factor authentication (2FA) without using SMS permissions.


The malicious apps are available on the Google Play Store, a very reliable platform. The malware can bypass SMS-based 2FA despite the restrictions on SMS and Call Log permissions that Google introduced in March to prevent credential-stealing applications from abusing them.




Infected apps can access one-time passwords (OTPs) sent through SMS and email despite not possessing the necessary permissions. Once the passwords have been stolen from notifications sent to the targeted device, those notifications are immediately hidden so that the user doesn’t suspect any foul play.

In simple words, some malicious, infected apps can read the notifications on your phone and steal 2FA passwords without intercepting SMS or emails. Stefanko wrote in a blog post that, using this technique, it is possible to “obtain OTPs from some email-based 2FA systems.”


These apps were designed to pass as BtcTurk, a Turkish cryptocurrency exchange. They used phishing to obtain the exchange’s login credentials and took the OTP from the notifications that were displayed on the screen of a compromised device.
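Reading another app's notifications on Android requires the user to grant notification access, and Android records the granted listener components in the secure setting `enabled_notification_listeners`. The following is an added example, not code from ESET or the original article: it parses that setting's value (as printed by `adb shell settings get secure enabled_notification_listeners`) and flags listeners outside an allowlist. All package names, class names and the allowlist are constructed for illustration.

```python
"""Audit which Android apps hold notification access (added example)."""

# Constructed sample of the setting's value. Entries are flattened
# ComponentNames ("package/class") separated by ':'.
SAMPLE = (
    "com.example.carlink/.notification.Listener:"
    "com.example.launcher/com.example.launcher.BadgeService:"
    "com.example.btc.wallet/.svc.NotifyReader:"
    "com.example.btc.wallet/.svc.NotifyReader"
)

# Hypothetical allowlist: packages the device owner expects to read notifications.
ALLOWED_PACKAGES = {"com.example.carlink", "com.example.launcher"}


def parse_listeners(raw):
    """Return a de-duplicated list of (package, class) pairs from the setting value."""
    raw = (raw or "").strip()
    if raw in ("", "null"):          # `settings get` prints "null" when unset
        return []
    seen, result = set(), []
    for entry in raw.split(":"):
        package, sep, cls = entry.strip().partition("/")
        if not sep or not package or not cls:
            continue                 # skip malformed entries rather than guessing
        if cls.startswith("."):      # short form: class is relative to the package
            cls = package + cls
        if (package, cls) not in seen:
            seen.add((package, cls))
            result.append((package, cls))
    return result


def unexpected_listeners(raw, allowed=ALLOWED_PACKAGES):
    """Listeners whose package is not allowlisted.

    Any such component can read incoming notifications, including OTP text,
    and dismiss them, so each one deserves a manual review.
    """
    return [(p, c) for p, c in parse_listeners(raw) if p not in allowed]


if __name__ == "__main__":
    for package, cls in unexpected_listeners(SAMPLE):
        print(f"review notification access: {package} ({cls})")
```
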


First such app was uplo ..
