News by Xiaomi Miui Hellas

Counterfeit cryptocurrency applications bypass Google's permissions policy

ESET researchers have discovered counterfeit cryptocurrency applications that use a previously unseen technique to bypass SMS-based 2FA, circumventing Google's recent restrictions on SMS permissions.

In March 2019, Google restricted the use of SMS and Call Log permissions in Android applications, in order to protect users from intrusive applications with illegitimate purposes.

The applications, called "BTCTurk Pro Beta", "BtcTurk Pro Beta" and "BTCTURK PRO", imitate the Turkish cryptocurrency exchange BtcTurk and phish for login credentials to the service. These malicious applications do not intercept SMS messages to bypass the 2FA protection on users' accounts and transactions; instead, they obtain the one-time password (OTP) from the notifications displayed on the screen of the compromised device. In addition to reading 2FA notifications, the applications can also dismiss them, making it difficult for victims to notice fraudulent transactions. All three applications were uploaded to Google Play in June 2019 and were removed immediately after ESET reported them.

Once installed and running, the fake applications request permission to access notifications. They can then read notifications displayed by other applications installed on the device, dismiss them, or click buttons they contain. According to ESET's analysis, the attackers behind these applications specifically target notifications from SMS and email applications.

«Thanks to restrictions imposed by Google in March 2019, applications that stole login credentials had lost the ability to abuse the permissions they needed to bypass SMS-based 2FA. However, with the discovery of these fake applications, we saw for the first time malware bypassing this restriction on SMS permissions», said ESET researcher and author of the study, Lukáš Štefanko.

The notification access permission was introduced in Android Jelly Bean 4.3, which means that almost all active Android devices are vulnerable to this new technique. The fake BtcTurk applications can run on Android version 5.0 (KitKat) and above. In practice, this means that they affect about 90% of Android devices.

This technique has some limitations as a way of circumventing 2FA: attackers can only access the text that fits in the notification's text field, so it is not guaranteed that the text will contain the OTP. In SMS-based 2FA, the messages are generally short and the OTP is likely to fit in the notification text. In email-based 2FA, however, the length and format of the message vary more, which may affect the attackers' access to the data.

ESET urges users who suspect they have installed one of these malicious applications to uninstall it immediately and check their accounts for suspicious transactions. To stay generally safe from malware on Android, ESET offers the following tips:

  • Trust cryptocurrency and other financial services applications only if they are linked from the official website of the service.
  • Only enter your sensitive information into electronic forms if you are confident about their security and legitimacy.
  • Keep your device up to date.
  • Use a reliable mobile security solution to block and remove threats.
  • Prefer software-based or token-based one-time password (OTP) generators over SMS or email.
  • Use only trusted applications, but even then, allow them to access notifications only if there is a good reason.
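
As an added example (not from ESET or the original article), the last tip can be checked on a device by listing which packages currently hold notification access and comparing them with what the owner expects. The sketch assumes the device reports this in the `enabled_notification_listeners` secure setting, read over adb; the allowlist and all package names are hypothetical placeholders.

```python
"""Audit which packages hold Android notification access (added example)."""
import subprocess

# Assumption: packages the device owner has deliberately granted notification
# access to. These names are hypothetical placeholders.
ALLOWLIST = {"com.example.wearable", "com.example.launcher"}


def parse_listeners(raw):
    """Parse the secure setting 'enabled_notification_listeners'.

    The value is a colon-separated list of flattened component names
    ("package/class"); `settings get` prints "null" when it is unset.
    """
    raw = raw.strip()
    if not raw or raw == "null":
        return []
    result = []
    for entry in raw.split(":"):
        entry = entry.strip()
        if not entry:
            continue
        package, _, cls = entry.partition("/")
        # A leading "." abbreviates the package name in flattened components.
        if cls.startswith("."):
            cls = package + cls
        result.append((package, cls))
    return result


def unexpected_listeners(raw, allowlist=ALLOWLIST):
    """Return listener components whose package is not on the allowlist."""
    return [(p, c) for p, c in parse_listeners(raw) if p not in allowlist]


def read_from_device():
    """Read the setting from a USB-connected device via adb."""
    cmd = ["adb", "shell", "settings", "get", "secure",
           "enabled_notification_listeners"]
    return subprocess.run(cmd, capture_output=True, text=True,
                          check=True).stdout


if __name__ == "__main__":
    # Constructed sample value, not taken from a real device.
    sample = ("com.example.wearable/.NotifService:"
              "com.example.fakeexchange/com.example.fakeexchange.Listener")
    for package, cls in unexpected_listeners(sample):
        print(f"review notification access: {package} ({cls})")
```

Any package flagged here can have its access revoked in the device's notification access settings; `read_from_device()` replaces the sample when a device is attached.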
