Hackers Now Hiding Behind Bitcoin to Invade Android Phones

Hacker Now Hiding behind bitcointo invade android phonesHacker Now Hiding behind bitcointo invade android phones

Android users beware!

If you didn’t see it, a couple weeks ago it was discovered that some malicious apps are now capable of accessing one-time passwords (OTPs) in SMS two-factor authentication (2FA) messages from Android notification systems, circumventing Google’s recent SMS restrictions.

This technique also works to obtain these passwords from some email-based 2FA systems and it is generally being sent from what looks to be one of the legitimate Bitcoin exchanges.

You can click here to read the full story: https://www.welivesecurity.com/2019/06/17/malware-google-permissions-2fa-bypass/

To stay safe from this new technique, and from financial Android malware in general:

  • Only trust cryptocurrency-related and other finance apps if they are linked from the official website of the service
  • Only enter your sensitive information into online forms if you are certain of their security and legitimacy
  • Keep your device updated
  • Use a reputable mobile security solution to block and remove threats; ESET systems detect and block these malicious apps as Android/FakeApp
  • Whenever possible, use software-based or hardware token one-time password (OTP) generators instead of SMS or email
  • Only use apps you consider trustworthy, and even then: only allow Notification access to those that have a legitimate reason for requesting it

A malware attack can paralyze your business. If you don’t have the time or resources to invest in these security activities, contact us for help!

Post a comment