ESET has warned about the emergence of malicious cryptocurrency applications that use a new technique to bypass two-factor authentication based on SMS messages.
Two-factor authentication (2FA), an additional layer of protection on top of the usual entry of a username and password, is currently considered to be the main deterrent against intruders. The malicious software detected by ESET specialists bypasses the 2FA procedure by using, on its own, the one-time password notification on the infected device.
An Android application called Koineks disguises itself as a cryptocurrency exchange program and steals the login data for the user's account. This malicious Android application was uploaded to Google Play in May 2019 and was installed by over 100 users before it was removed from the store.
Instead of intercepting SMS messages to bypass two-factor authentication, the program obtains the one-time password (OTP) from notifications shown on the screen of the infected device. In this way the attackers get around the restrictions on access to SMS notifications and call logs that Google recently introduced for Android programs.
Once installed and launched, the malware requests a permission called “Notification access”, which allows it to view the contents of pop-up messages. According to an ESET study, the attackers specifically target pop-up messages from SMS or other programs.
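Because the technique depends on the “Notification access” grant, a defender can audit which packages hold it on a device. The following is an added example, not code from ESET: it parses the colon-separated component list that `adb shell settings get secure enabled_notification_listeners` returns and reports packages outside an allowlist. The sample output, package names and allowlist are constructed for illustration.

```python
import subprocess

# Constructed sample of the setting's value: flattened component names
# (package/class) separated by colons. Not taken from a real device.
SAMPLE = ("com.example.wearcompanion/.sync.ListenerService:"
          "com.example.exchange/com.example.exchange.NotifService")

# Hypothetical allowlist of packages expected to read notifications.
ALLOWED = {"com.example.wearcompanion"}

def parse_listeners(raw):
    """Return [(package, class)] for each enabled notification listener."""
    raw = raw.strip()
    if not raw or raw == "null":      # the setting is unset on a clean device
        return []
    result = []
    for component in raw.split(":"):
        pkg, sep, cls = component.strip().partition("/")
        if not sep or not pkg:
            continue                  # skip malformed entries
        if cls.startswith("."):       # short form: class relative to package
            cls = pkg + cls
        result.append((pkg, cls))
    return result

def unexpected_listeners(raw, allowed=ALLOWED):
    """Packages holding Notification access that are not on the allowlist."""
    return sorted({pkg for pkg, _ in parse_listeners(raw) if pkg not in allowed})

def read_from_device():
    """Read the live value; assumes adb is on PATH and a device is attached."""
    cmd = ["adb", "shell", "settings", "get", "secure",
           "enabled_notification_listeners"]
    return subprocess.run(cmd, capture_output=True, text=True,
                          check=True).stdout

if __name__ == "__main__":
    for pkg in unexpected_listeners(SAMPLE):
        print("review Notification access grant:", pkg)
```

Pass the output of `read_from_device()` to `unexpected_listeners()` to check an attached device instead of the sample.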
“One of the positive effects of Google’s March 2019 restrictions was that malicious applications for identity theft lost the ability to use permissions which allowed attackers to intercept SMS during the two-factor authentication process. However, the detected malicious Android application, for the first time since the introduction of the new policy, bypasses the restrictions imposed,” said ESET employee Lukasz Stefanko.
Since Koineks can be launched on devices running version 5.0 (KitKat), the software is dangerous for 90% of Android users.