A virus attacks Android SMS

For better security, many services Web propose thetwo-step authentication with a mobile phone number, a process that sends a SMS the user with a one-time code to enter in addition to his usual pbadword when he identifies himself on the site. This adds extra security, since an attacker will not be able to access the account only by stealing the pbadword. There are different ways for hackers to bypbad this feature. One is social engineering, where a scammer contacts the mobile operator's customer service by pretending to be the victim, in order to transfer the line, and thus to receive the SMS containing the code.

Another method was to infect the victim's mobile with an application to read the SMS. However, Google, publisher ofAndroid, did the cleaning last March by limiting the access of applications SMS and removing the apps from the Play Store who asked for permission without being able to justify it. This put an end to programs that were simply malware intended to intercept the verification codes of theauthentication in two stages. Unfortunately, the respite was short duration.

Notifications display SMS content

The publisheranti-virus Eset has discovered new applications that have put in place an ingenious way to circumvent the restrictions created by Google. In one post published on his blog, the firm detailed the process used by this new malware called Android / FakeApp.KP. Rather than accessing SMS directly from the device, these applications simply asked for access to notifications.

When receiving an SMS, its content is displayed as a notification on the smartphone, and can therefore be intercepted by the malware. This technique even offers an advantage over a direct access SMS, since it also works with some two-step authentication systems that send the single-use code by e-mail, which is also displayed as a notification. However, the method has a limit, since it only has access to the truncated text displayed in the notification, and not to the full content of the messages. For an SMS this is enough, but for the emails the malware has access to the code, only if it is included in the beginning of the message.

Only a cryptocurrency exchange site is targeted for the moment

To date, these applications target the Turkish cryptocurrency exchange site BtcTurk. By masquerading as a legitimate application for the service, the malware manages to trap the user who then enters his credentials. The scammers get the pbadword and the one-time code to access the victim's account.

In order to prevent the victim from realizing that the application is fraudulent and does not offer any real access, it displays an error message after entering the identifiers, indicating that the mobile application is currently out of service because a change in the SMS verification system. The malware can then silently wipe the smartphone and delete any new notifications so that the victim is not informed of fraudulent transactions on his account. via e-mail, SMS or other application.

What you must remember

• In the Play Store, a malware is hidden in fake applications.
• After installation, the application offers to display its own notifications.
• This lure on the contrary makes it possible to access the contents of SMS.

Did you like this article ? Feel free to share it with your friends and help us spread Futura :)! The Editor thanks you.