Antivirus company ESET has reported that it has detected a number of malicious applications on Google Play that seek to gain access to one-time passwords to bypass two-factor authentication.
The fake apps impersonated the legitimate cryptocurrency exchange BtcTurk.
When one of the three applications (BTCTurk Pro Beta, BtcTurk Pro Beta and BTCTURK PRO) was launched, it asked the user to grant it access to notifications, after which a window appeared for entering BtcTurk credentials.
After entering the authentication data, the user received a message about technical problems and the inability to continue registration. All the information the user had entered, along with pop-up notifications containing an authentication code, was sent to a remote server controlled by the cybercriminals.
However, the scammers could see only the text field of the pop-up notification. If it did not contain the one-time password, the attempt to bypass two-factor authentication failed.
ESET notes that this is the first known case of malicious applications with such functionality since the introduction of restrictions on Android applications' access to the call log and SMS.