Android.Bankosy malware steals passwords sent through voice calls2016-01-14 01:58 by Daniela
Tags: Android.Bankosy, malware
Researchers from security company Symantec have recently revealed that the "two-factor authentication", used in online banking applications, is not secure any more. They have found that after recent update, the Android trojan called Android.Bankosy is able to intercept two-factor authentication voice codes by temporarily forwarding voice calls to the attacker's phone number.
One-time passcodes (OTP), or the so called two-factor authentication (2FA) is a crucial defense mechanism used for protecting login in many online banking applications. Companies like Google, Facebook, Microsoft, or Twitter have also implemented this feature. 2FA relies on a "second factor," which in most cases is a second one-time password sent to users via SMS messages or via an automated phone call.
Bankosy's intercepting feature is currently used in some Asian countries, where the attacker can easily set up call forwarding on the phone by entering and calling the "*21*[DESTINATION NUMBER]#" access code.
The malware can even lock the phone and put it on silent mode, forwarding calls meanwhile. Such attacks can go unnoticed if the user is not interacting with the phone at that particular moment.
Read more -here-