Hackers Now Hiding Behind Bitcoin to Invade Android Phones


Android users beware!

If you didn’t see it, a couple weeks ago it was discovered that some malicious apps are now capable of accessing one-time passwords (OTPs) in SMS two-factor authentication (2FA) messages from Android notification systems, circumventing Google’s recent SMS restrictions.

This technique also works to obtain these passwords from some email-based 2FA systems and it is generally being sent from what looks to be one of the legitimate Bitcoin exchanges.

You can click here to read the full story: https://www.welivesecurity.com/2019/06/17/malware-google-permissions-2fa-bypass/

To stay safe from this new technique, and from financial Android malware in general:

  • Only trust cryptocurrency-related and other finance apps if they are linked from the official website of the service
  • Only enter your sensitive information into online forms if you are certain of their security and legitimacy
  • Keep your device updated
  • Use a reputable mobile security solution to block and remove threats; ESET systems detect and block these malicious apps as Android/FakeApp
  • Whenever possible, use software-based or hardware token one-time password (OTP) generators instead of SMS or email
  • Only use apps you consider trustworthy, and even then: only allow Notification access to those that have a legitimate reason for requesting it

A malware attack can paralyze your business. If you don’t have the time or resources to invest in these security activities, contact us for help!

Post a comment