Android.Bankosy malware steals passwords sent through voice calls

Researchers from security company Symantec have recently revealed that the "two-factor authentication", used in online banking applications, is not secure any more. They have found that after recent update, the Android trojan called Android.Bankosy is able to intercept two-factor authentication voice codes by temporarily forwarding voice calls to the attacker's phone number.

One-time passcodes (OTP), or the so called two-factor authentication (2FA) is a crucial defense mechanism used for protecting login in many online banking applications. Companies like Google, Facebook, Microsoft, or Twitter have also implemented this feature. 2FA relies on a "second factor," which in most cases is a second one-time password sent to users via SMS messages or via an automated phone call.

Bankosy's intercepting feature is currently used in some Asian countries, where the attacker can easily set up call forwarding on the phone by entering and calling the "*21*[DESTINATION NUMBER]#" access code.

The malware can even lock the phone and put it on silent mode, forwarding calls meanwhile. Such attacks can go unnoticed if the user is not interacting with the phone at that particular moment.

Read more -here-

• Google releases emergency fix for new Chrome zero-day flaw
• Disney+, Hulu and Max team up for streaming bundle package
• OpenAI is reportedly working on a search feature for ChatGPT
• TikTok, ByteDance sue to block US law seeking sale or ban of app
• OpenAI partners with Stack Overflow to make models better at coding
• Dropbox breach exposes customer credentials, authentication data