Apps found on Google Play to bypass two-factor authentication

Antivirus company ESET has reported that it has detected a number of malicious applications on Google Play that seek to gain access to one-time passwords to bypass two-factor authentication.

The fake apps were disguised as the legal cryptocurrency exchange BtcTurk.

Apps found on Google Play to bypass two-factor authentication

After launching one of three applications (BTCTurk Pro Beta, BtcTurk Pro Beta and BTCTURK PRO), a request was sent to the user to access notifications, after which a window appeared for entering credentials into the BtcTurk system.

After entering the authentication data, the user received a message about technical problems and the inability to continue registration. All the information he entered and pop-up notifications with an authentication code were sent to a remote cybercriminals server.

That being said, the scammers only saw the pop-up text field. If it did not contain a password, then the attempt to bypass two-factor authentication failed.

ESET notes that the detection of malicious applications with such functionality is the first known case since the introduction of access restrictions Android – applications to the call log and SMS.

Rate article
About smartphones.
Add a comment