TrickBot App Bypasses Non-SMS Banking 2FA

2020-03-25 13:12

The TrickBot trojan has a new trick up its sleeve for bypassing a new kind of two-factor authentication security method used by banks - by fooling its victims into downloading a malicious Android app.

Researchers first discovered the mobile app after a September 2019 tweet by CERT-Bund flagging TrickBot using man-in-the-browser techniques.

If victims indicated that they were using Android-based devices, the trojan would then use web injections and social engineering to fool the victim into installing a fake security app - this turned out to be the TrickMo app.

Once downloaded, the app steals personal device information, intercepts SMS messages, locks the phone, steals pictures and records the device screen.

Once downloaded, TrickMo uses the accessibility settings to carry out various malicious operations, including preventing users from uninstalling the app, becoming the default SMS app, monitoring any running apps and scraping on-screen text.

News URL

https://threatpost.com/trickbot-app-bypasses-non-sms-banking-2fa/154080/

#2FA #banking #trickbot