Android fans are being warned about new malware discovered on the Google Play Store which can bypass advanced security measures.
Android is one of the most used pieces of software in the world, with more than two billion devices running the Google mobile OS each and every month.
But Android users are no strangers to security alerts, with some recent widespread threats being circulated via apps found on the Google Play Store.
Six Android apps that were downloaded a staggering 90 million times from the Google Play Store were found to have been loaded with the PreAMo malware.
Another recent threat saw 50 malware-filled apps on the Google Play Store infect over 30 million Android devices.
And now Android fans are being warned about a terrifying piece of malware that can bypass the advanced 2FA security protection.
Two-factor authentication (2FA) gives an extra layer of security, with users having to enter their password and a unique, one-time code.
The latter is sent via an SMS message or email, but this newly discovered malware can obtain this one-time code – even without SMS or email permissions.
Security experts at ESET discovered the dangerous Android malware on apps found on the Google Play Store.
In a blog post researcher Lukas Stefanko wrote: “When Google restricted the use of SMS and Call Log permissions in Android apps in March 2019, one of the positive effects was that credential-stealing apps lost the option to abuse these permissions for bypassing SMS-based two-factor authentication (2FA) mechanisms.
“We have now discovered malicious apps capable of accessing one-time passwords (OTPs) in SMS 2FA messages without using SMS permissions, circumventing Google’s recent restrictions.
“As a bonus, this technique also works to obtain OTPs from some email-based 2FA systems.”
Stefanko’s research revealed that two apps found on the Google Play Store abused Android’s Notification access to read notifications on a victim’s phone and steal the one-time passwords (OTPs) used for 2FA.
The offending apps that ESET discovered impersonated the Turkish cryptocurrency exchange BtcTurk and phished for login credentials to the service.
The research explained: “The displayed content of all notifications from the targeted apps is sent to the attacker’s server.
“The content can be accessed by the attackers regardless of the settings the victim uses for displaying notifications on the lock screen.
“The attackers behind this app can also dismiss incoming notifications and set the device’s ringer mode to silent, which can prevent victims from noticing fraudulent transactions happening.”
The offending apps were reported to the Google Play Store by ESET and have since been removed.
Advising Android users on how to stay safe, Stefanko said: “If you suspect that you have installed and used one of these malicious apps, we advise you to uninstall it immediately.
“Check your accounts for suspicious activity and change your passwords.”
The ESET researcher also advised…
• Only trust cryptocurrency-related and other finance apps if they are linked from the official website of the service
• Only enter your sensitive information into online forms if you are certain of their security and legitimacy
• Keep your device updated
• Use a reputable mobile security solution to block and remove threats
• Whenever possible, use software-based or hardware token one-time password (OTP) generators instead of SMS or email
• Only use apps you consider trustworthy, and even then: only allow Notification access to those that have a legitimate reason for requesting it
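As an added example of that last piece of advice (it is not code from ESET or this article), the POSIX shell script below audits which apps hold Notification access on an Android device over adb and flags any that are not on an allowlist. The package names are constructed, and it assumes the `enabled_notification_listeners` secure setting lists enabled listener components as colon-separated `package/Service` entries, or `null` when none are enabled.

```shell
# Added example, not ESET's or the article's code: audit which apps hold
# Notification access on an Android device, the access the apps described
# above abused to read OTP notifications. Assumes the secure setting
# 'enabled_notification_listeners' holds enabled listener components as
# "package/Service" entries separated by ':' (or "null" when empty).

# Listener components you expect to be enabled (constructed sample value;
# replace with the companion apps you actually use, e.g. a smartwatch app).
ALLOWED="com.example.watchapp/.ListenerService"

# Return 0 if $1 is in $ALLOWED, 1 otherwise.
is_allowed() {
    for ok in $ALLOWED; do
        if [ "$1" = "$ok" ]; then
            return 0
        fi
    done
    return 1
}

# Print every listener in the setting value $1 that is not allowlisted,
# one per line; an empty result means nothing unexpected is enabled.
audit_listeners() {
    value="$1"
    if [ "$value" = "null" ]; then
        value=""
    fi
    printf '%s\n' "$value" | tr ':' '\n' | while IFS= read -r entry; do
        if [ -n "$entry" ] && ! is_allowed "$entry"; then
            printf '%s\n' "$entry"
        fi
    done
}

# Read the live value from a connected device (needs adb and USB debugging).
audit_device() {
    audit_listeners "$(adb shell settings get secure enabled_notification_listeners | tr -d '\r')"
}

# Constructed sample: the allowlisted watch app plus one unexpected listener,
# the kind of entry an app that should not have Notification access leaves.
SAMPLE="com.example.watchapp/.ListenerService:com.example.unknownapp/.NotificationService"
```

Run `audit_device` with a phone attached; anything it prints should be reviewed, and access can be revoked from the phone's Notification access settings screen.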