News  Android
Android two-factor authentication compromised


Malware known as "Android.Bankosy" has been identified by Symantec which attacks the SMS password two-factor authentication processes used by many online banking systems. Even the automated voice calls, which can be used as an alternative to the SMS method, can be intercepted by the attackers.

The malware has the ability to enable silent mode whilst locking the handset - this means the user is unaware they are being targeted.

Initially disclosed in 2014, variations of this malware have been detected which try to get the victim to enter their payment card details which are then forwarded on to the attackers,

The Bankosy trojan relies on a popup window which overlays a legitimate application, such as one for an online bank. 

Android Lollipop and later is safe

It turns out that in Lollipop and later, the "getRunningTasks" API is call is deprecated so it only returns a subset of the running tasks. Seems the smarts at Google had anticipated this kind of attack and pre-emtively guarded against it. Not much use to sluggish carriers who drag their feet when it comes to updating Android to those versions, but those who do won't see these pop ups and so are far better protected against it.

Are You Affected By The Trojan?

If you have downloaded third-party apps on your Android mobile device from unknown sources that are untrusted, potentially yes.

How Do I Protect Myself?

To safeguard your Android device against the threat it is recommended to follow these practices:

- Ensure your software is updated

- Do not download apps from random sites/unknown sources

- Install apps which are from trusted sources alone

- Read the permission requests an app asks for carefully

- Use a good mobile security app (like Norton) to safeguard your data/device

- Back-up important data frequently