This article is more than 1 year old

Updated Android malware steals voice two factor authentication

Unconditional call forwarding and silent mode means potent pwning.

Malware-makers are stepping up the assault on Android handsets and are now quietly redirecting phone calls to steal voice-based two factor authentication details.

An update to the Android.Bankosy trojan horse means it not only locks down handsets but steals data from hacked devices.

Symantec threat-throttler Dinesh Venkatesan says the trojan malware opens a backdoor which turns on unconditional call forwarding and silent mode such that victims are never alerted about redirected incoming calls.

"To improve the security of OTP (one time password) delivery, some financial organisations started delivering OTP through voice calls instead of SMS," Venkatesan says.

Android.Bankosy gets a unique identifier for the infected device in C&C communication.

"Once the malware is installed on the victim’s device, it opens a backdoor, collects a list of system-specific information, and sends it to the command and control server to register the device and then get a unique identifier for the infected device.

"If the registration is successful, it uses the received unique identifier to further communicate with the C&C server and receive commands."

It can intercept and delete incoming SMS, wipe data, and capture phone calls, Venkatesan says. ®

More about


Send us news

Other stories you might like