The cybersecurity company responsible for the major antivirus software NOD32, ESET, announced on June 17 that the new Android malware is skirting Google's SMS authorization restrictions in order to obtain two-factor authentication codes (2FA) received by SMS. .
According to the report, some malicious applications are able to access one-time passwords sent to users by SMS bypassing the restrictions recently put in place by Google. In addition, the same technique would also allow access to email codes.
According to the author, the applications in question are masquerading as Turkish Turkish BtcTurk cryptocurrency and phishing for service connection information. The malware, "instead of intercepting SMS messages to bypass 2FA protection on user accounts and transactions, these malicious apps extract OTP notifications appearing on the screen of the user." compromised device. " The app also takes steps to prevent the user from noticing the ongoing attack. :
"In addition to reading 2FA notifications, apps can also ignore them to prevent victims from noticing ongoing fraudulent transactions."
The first application as such was uploaded to the Google Play Store on June 7 under the name BTCTurk Pro Beta by the BTCTurk Pro Beta developer account. It has been installed by more than 50 users before ESET reported it to Google. After this first instance, two other versions of the application were downloaded and then removed from the store.
As Cointelegraph reported earlier this month, the Bitmex peer-to-peer exchange (P2P) has reported an influx of attacks on the account's account credentials. # 39; user. In a message to customers, the exchange stressed the importance of property security measures
Also in June, cyber security researchers discovered a Trojan-propagated website posing as Cryptohopper, a site where users can program tools for automated cryptocurrency trading.