TrickBot Mobile App Bypasses 2‐Factor Authentication for Net Banking Services
2020-03-25 08:53

The malware authors behind the TrickBot banking Trojan have developed a new Android app that can intercept one-time authorization codes sent to Internet banking customers via SMS or via push notifications, which are considered relatively more secure, and use them to complete fraudulent transactions.

The name TrickMo is a direct reference to a similar kind of Android banking malware called ZitMo, which was developed by the Zeus cybercriminal gang in 2011 to defeat SMS-based two-factor authentication.

Abusing Android's Accessibility Features to Hijack OTP Codes

Initially spotted by CERT-Bund last September, the TrickMo campaign works by intercepting a wide range of transaction authentication numbers (TANs), including one-time password (OTP), mobile TAN, and pushTAN authentication codes, after victims install the app on their Android devices.

CERT-Bund's advisory went on to state that Windows computers infected by TrickBot used man-in-the-browser attacks to ask victims for their online banking mobile phone numbers and device types, in order to prompt them to install a fake security app - now called TrickMo. But given the security threats posed by SMS-based authentication - the messages can be easily hijacked by rogue third-party apps and are also vulnerable to SIM-swapping attacks - banks are increasingly relying on push notifications, which contain the transaction details and the TAN number.

"From our analysis, it is apparent that TrickMo is designed to help TrickBot break the most recent methods of TAN-based authentication. One of the most significant features TrickMo possesses is the app recording feature, which is what gives TrickBot the ability to overcome the newer pushTAN app validations deployed by banks."


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/fFWdOn3AYCs/trickbot-two-factor-mobile-malware.html