The TrickBot trojan has a new trick up its sleeve for bypassing a new kind of two-factor authentication (2FA) security method used by banks – by fooling its victims into downloading a malicious Android app.

The app, which researchers dubbed “TrickMo,” is still under active development. While TrickMo is currently being deployed against TrickBot victims in Germany, researchers say that it can be used to target any bank or region — and they expect to see frequent changes and updates in the future.

“Though it’s not the first of its kind, this Android malware app is more sophisticated than similar apps, and possesses interesting features that enable its operators to steal transaction authorization codes from victims who download the app,” said Pavel Asinovsky, malware researcher with IBM X-Force, in a Tuesday analysis.

Researchers first discovered the mobile app after a September 2019 tweet by CERT-Bund flagging TrickBot's use of man-in-the-browser techniques. Man-in-the-browser, a threat related to man-in-the-middle (MiTM), occurs when an attacker compromises a web browser and then modifies the browser’s web pages. In this case, TrickBot was modifying the pages to ask the victims for their mobile phone numbers and device operating system types (Android or iOS).

If victims indicated that they were using Android-based devices, the trojan would then use web injections and social engineering to fool the victim into installing a fake security app — this turned out to be the…
