Geeks for your information
TrickBot App Bypasses Non-SMS Banking 2FA - Printable Version

+- Geeks for your information (https://www.geeks.fyi)
+-- Forum: News (https://www.geeks.fyi/forumdisplay.php?fid=105)
+--- Forum: Privacy & Security News (https://www.geeks.fyi/forumdisplay.php?fid=107)
+--- Thread: TrickBot App Bypasses Non-SMS Banking 2FA (/showthread.php?tid=10837)



TrickBot App Bypasses Non-SMS Banking 2FA - silversurfer - 25 March 20

Quote:TrickBot victims are being fooled into downloading an app that records their screens – stealing non-SMS 2FA passcodes for banking websites.
 
The TrickBot trojan has a new trick up its sleeve for bypassing a new kind of two-factor authentication (2FA) security method used by banks – by fooling its victims into downloading a malicious Android app.
 
The app, which researchers dubbed “TrickMo,” is still under active development. While TrickMo is being currently deployed against TrickBot victims in Germany, researchers say that it can be used to target any bank or region — and they expect to see frequent changes and updates in the future.
 
“Though it’s not the first of its kind, this Android malware app is more sophisticated than similar apps, and possesses interesting features that enable its operators to steal transaction authorization codes from victims who download the app,” said Pavel Asinovsky, malware researcher with IBM X-Force, in a Tuesday analysis.

Read more: https://threatpost.com/trickbot-app-bypasses-non-sms-banking-2fa/154080/