The TrickBot trojan has a new trick up its sleeve for bypassing a new kind of two-factor authentication (2FA) security method used by banks – by fooling its victims into downloading a malicious Android app.

The app, which researchers dubbed “TrickMo,” is still under active development. While TrickMo is currently being deployed against TrickBot victims in Germany, researchers say that it can be used to target any bank or region — and they expect to see frequent changes and updates in the future.

“Though it’s not the first of its kind, this Android malware app is more sophisticated than similar apps, and possesses interesting features that enable its operators to steal transaction authorization codes from victims who download the app,” said Pavel Asinovsky, malware researcher with IBM X-Force, in a Tuesday analysis.

Researchers first discovered the mobile app after a September 2019 tweet by CERT-Bund flagging TrickBot using man-in-the-browser techniques. Man-in-the-browser is a threat related to man-in-the-middle (MiTM), which occurs when an attacker compromises a web browser and then modifies the browser’s web pages. In this case, TrickBot was modifying the pages to ask the victims for their mobile phone numbers and device operating system types (Android or iOS).

If victims indicated that they were using Android-based devices, the trojan would then use web injections and social engineering to fool the victim into installing a fake security app — this turned out to be the…

govanguard, 2020-03-25 09:12:00: TrickBot App Bypasses Non-SMS Banking 2FA