The operators of the TrickBot banking malware have developed an Android app that can bypass some of the two-factor authentication (2FA) solutions employed by banks.
This Android app, which security researchers from IBM have named TrickMo, works by intercepting one-time (OTP) codes banks send to users via SMS or push notifications.
TrickMo collects and then sends the codes to the TrickBot gang's backend servers, allowing the crooks to bypass logins or authorize fraudulent transactions.
According to a report published today by IBM, only users that have been previously infected with the (Windows) desktop version of the TrickBot malware are exposed to these attacks.
Furthermore, the TrickMo is not broadly used in the wild.
Currently, it's only deployed against German users, primarily because German banks have a broader deployment of OTP protections, and Germany has always served as a testing ground for new TrickBot features.
