Malware News Android Banking Trojan with 10K Installs Can Bypass Two-Factor Authentication

silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,176
Content source
https://news.softpedia.com/news/android-banking-trojan-with-10k-installs-can-bypass-two-factor-authentication-522909.shtml
In a detailed report published on his blog, security researcher Lukas Stefanko detailed how a banking Trojan posing as a legitimate phone call recording application steals bankings information from compromised Android devices.

The infected app was installed on more than 10,000 Android devices, and it managed to steal banking credentials even though SMS two-factor authentication was enabled on the test device with the help of Android's accessibility services.

According to ESET's mobile security researcher, the QRecorder Android app was initially a malware-free application but, in a subsequent release, the developer decided to include the banking Trojan to make some quick money.
Click to expand...
 
  • Like
Reactions: Andy Ful, Weebarra, Gandalf_The_Grey and 4 others
E

Entreri

Level 7
Verified
May 25, 2015
342
This is why I never bank using smartphones...these banking apps ask you to save your password too, lol!

What if someone steals your phone? Most of these Android phones are elementary to get into.
 
  • Like
Reactions: Kuttz, Al-Faqir and harlan4096
Quassar

Quassar

Level 12
Verified
Well-known
Feb 10, 2012
585
Entreri said:
This is why I never bank using smartphones...these banking apps ask you to save your password too, lol!

What if someone steals your phone? Most of these Android phones are elementary to get into.
Click to expand...

Me too, exacly that why smartphone security is more sux than even windows....
 
  • Like
Reactions: Kuttz
Ink

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Entreri said:
This is why I never bank using smartphones...these banking apps ask you to save your password too, lol!

What if someone steals your phone? Most of these Android phones are elementary to get into.
Click to expand...
None of the Banking Apps I have used allow to Save Login Credentials, they either require a long PIN or Fingerprint.

If that option is available, do not use it.

It's your responsibility to take the necessary precautions (Anti-Theft enabled, a non-guessable 6+ digit PIN, Biometric (Fingerprint, Iris). But if your phone does get lost or get stolen, then you should be able to remotely locate, activate siren or wipe the device before it's put into Airplane mode or Turned off.

Al-Faqir said:
One should use a dedicated device for banking where possible.
Click to expand...
It's never a good idea to use a Shared PC for Internet Banking, or a Shared device for Mobile Banking. You should just use Telephone Banking instead, @Entreri
 
  • Like
Reactions: harlan4096 and silversurfer
You must log in or register to reply here.

Similar threads

MuzzMelbourne
    • Like
    • +Reputation
    • Wow
Anatsa Android trojan now steals banking info from users in US, UK
Replies
0
Views
883
News Archive
MuzzMelbourne
MuzzMelbourne
silversurfer
    • Like
    • +Reputation
Zanubis Android Banking Trojan Poses as Peruvian Government App to Target Users
Replies
0
Views
1,190
News Archive
silversurfer
silversurfer
MuzzMelbourne
    • Like
    • +Reputation
New AhRat Android malware hidden in app with 50,000 installs
Replies
0
Views
878
News Archive
MuzzMelbourne
MuzzMelbourne

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top