The Broadband Guide
SG
search advanced
 Username:
 Password:
Register
 forgot password?

Android.Bankosy malware steals passwords sent through voice calls

2016-01-14 01:58 by
Tags: ,

 

Researchers from security company Symantec have recently revealed that the "two-factor authentication", used in online banking applications, is not secure any more. They have found that after recent update, the Android trojan called Android.Bankosy is able to intercept two-factor authentication voice codes by temporarily forwarding voice calls to the attacker's phone number.

One-time passcodes (OTP), or the so called two-factor authentication (2FA) is a crucial defense mechanism used for protecting login in many online banking applications. Companies like Google, Facebook, Microsoft, or Twitter have also implemented this feature. 2FA relies on a "second factor," which in most cases is a second one-time password sent to users via SMS messages or via an automated phone call.

Bankosy's intercepting feature is currently used in some Asian countries, where the attacker can easily set up call forwarding on the phone by entering and calling the "*21*[DESTINATION NUMBER]#" access code.

The malware can even lock the phone and put it on silent mode, forwarding calls meanwhile. Such attacks can go unnoticed if the user is not interacting with the phone at that particular moment.

Read more -here-

 

  Post your review/comments
    rate:
   avg:
comment discuss top
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About