Android malware steals voice two factor authentication

1

Experts from Symantec have recently reported about discovery of a new version of the banking Trojan called Android.Banksy, which steals users’ financial information. The difference between this Trojan and other malware of this kind is in that Android.Banksy is capable of intercepting two-factor authentication codes transmitted by voice calls.

Malware is constantly evolving, and so do the means of protection. Malicious software has already learned how to intercept one-time codes of two-factor authentication (2FA), which are called one-time passwords (OTP) and sent to the user via SMS. As a result, some financial institutions began to deliver OTPs via voice calls. The automatic system calls the user, and a robot reads aloud the one-time authentication code. Now specialists from Symantec have found that this method can not be considered reliable anymore.

The latest version of the Trojan is able to switch your smartphone to the silent mode and automatically intercept voice calls, including those when one-time passcodes are read. Symantec’s experts say that this feature is only working for a number of Asian countries so far.
As means of protection against such attacks, Symantec experts recommend a standard set of measures: users should update their software in time, install applications from trusted sources only, install a reliable anti-virus, and carefully watch what permissions are requested by every application they install.