Microsoft warns about Android spyware stealing 2FA codes
Microsoft has described dangerous spyware that targets users of Android mobile devices. According to the experts, the malware's authors disguised it as credit card rewards software.
Apparently, Microsoft is describing a new version of the malware that Cyble experts warned about at the end of 2021. The spyware can be controlled remotely by its operators.
The latest release of the malware has gained new backdoor functionality and much more sophisticated obfuscation. Once on the victim’s device, the spyware can intercept two-factor authentication (2FA) codes used to log in to banking app accounts.
In addition, the malware steals credentials and any personal information it can reach. Microsoft detects the spyware as TrojanSpy:AndroidOS/Banker.O.
It is worth noting that when launched, the malware requests certain system permissions, without which it cannot use its full functionality. Moreover, the spyware asks the user to enter their bank card details, which should immediately alert any reasonably attentive owner of an Android device.
“The Trojan’s malicious APKs contain the official logo of one of the banks in order to mislead users for sure. This suggests that the authors of the malware are constantly improving their offspring,” writes the corporation from Redmond.
The spyware uses three Android components – MainActivity, AutoStartService and RestartBroadCastReceiverAndroid – to intercept calls, extract call history, messages, contacts, and network information, and change Android device settings.
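For defenders triaging a suspicious APK, the permission requests and component names described above can be checked in the app's manifest. The following is an added example, not code from Microsoft's report or from the malware. It assumes the manifest has already been decoded to text XML (for example with apktool), and the permission list is an assumed mapping from the capabilities the article names, since the article does not list the permissions requested.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Component names exactly as given in the article.
REPORTED_COMPONENTS = {"MainActivity", "AutoStartService",
                       "RestartBroadCastReceiverAndroid"}
# Assumption: standard Android permissions matching the capabilities the
# article lists; the article itself does not name the permissions.
CAPABILITY_PERMISSIONS = {
    "android.permission.RECEIVE_SMS": "read incoming SMS (2FA codes)",
    "android.permission.READ_SMS": "read stored messages",
    "android.permission.READ_CALL_LOG": "extract call history",
    "android.permission.READ_CONTACTS": "extract contacts",
    "android.permission.READ_PHONE_STATE": "observe phone calls",
    "android.permission.ACCESS_NETWORK_STATE": "collect network information",
    "android.permission.WRITE_SETTINGS": "change device settings",
    "android.permission.RECEIVE_BOOT_COMPLETED": "restart after reboot",
}
# Constructed sample manifest (hypothetical package name), not a real sample.
SAMPLE_MANIFEST = """<manifest package="com.example.rewards"
    xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <activity android:name=".MainActivity"/>
    <service android:name=".AutoStartService"/>
    <receiver android:name="com.example.rewards.RestartBroadCastReceiverAndroid"/>
  </application>
</manifest>"""

def triage_manifest(manifest_xml):
    """Return the sensitive permissions and reported component names found."""
    root = ET.fromstring(manifest_xml)
    name = ANDROID_NS + "name"
    perms = {e.get(name) for e in root.iter("uses-permission")}
    found = set()
    for tag in ("activity", "service", "receiver"):
        for e in root.iter(tag):
            # Names may be ".Foo" or "pkg.Foo"; compare the class name only.
            found.add((e.get(name) or "").rsplit(".", 1)[-1])
    hits = sorted(perms & CAPABILITY_PERMISSIONS.keys())
    return {"permissions": {p: CAPABILITY_PERMISSIONS[p] for p in hits},
            "components": sorted(found & REPORTED_COMPONENTS)}

def needs_review(result, min_permissions=4):
    """Flag for manual analysis; min_permissions is an arbitrary threshold."""
    # MainActivity is a default name in many benign apps, so ignore it here.
    distinctive = set(result["components"]) - {"MainActivity"}
    return bool(distinctive) or len(result["permissions"]) >= min_permissions
```

A match is only a prompt for manual analysis: legitimate apps request the same permissions, and component names are trivial for malware authors to change.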
The socket.io open-source library is used by malware authors