Ethical Hacking Institute Course in Pune-India
Extreme Hacking | Sadik Shaikh

The year 2015 saw an unparalleled increase in the notorious financial trojans. These banking trojans get evolved with time and target the security improvements made by the financial institutions. One-time passwords — one such security measure for banking applications — are being intercepted by an Android malware named Android.Bankosy.

This banking trojan was already capable of stealing the two-factor authentication codes sent via SMS codes by cracking the security of 2FA systems. This malware intercepts the SMS messages and sends its content to the cyber criminals. As a result, 2FA witnessed an upgrade and allowed the users to receive one-time passwords via voice calls.

However, this Android trojan has recently graduated gaining the capability to steal your OTPs by intercepting voice calls as well. The researchers from Symantec have outlined this increased risk in their recent blog post and explained the working of malware.

How Android.Bankosy Trojan Steals OTPs?

android bankosy malware trojan working

Even before receiving the update, this trojan was able open a back door, collect the system-specific information, and send it to the C&C server to get a unique code for each infected device. After registering successfully, the malware uses that unique code to further talk to the C&C server and get commands.After the update, the trojan can now intercept 2FA codes by temporarily forwarding the voice calls to the hacker’s phone number. Commonly seen in some Asian countries, the attacker can easily enable unconditional call forwarding, using the *21*[DESTINATION NUMBER]# service code.

The next obvious step is to reroute the victim’s phone and control the calls via C&C server.

How To Protect Yourself From Android.Bankosy Trojan?

To protect yourself against such banking trojans, you are recommended to follow these simple steps:

  • Regularly update your phone’s software to patch the flaws
  • Don’t install apps from unknown sources
  • Every time an app makes request for additional permissions, closely pay attention
  • Make frequent backup of your data
  • Use a mobile security app to protect your device and data. Here are the best Android antivirus software, according to AV-Test.

 

www.extremehacking.org
CEHv9 CHFI ECSAv9 CAST ENSA CCNA CCNA SECURITY MCITP RHCE CHECKPOINT ASA FIREWALL VMWARE CLOUD ANDROID IPHONE NETWORKING HARDWARE TRAINING INSTITUTE IN PUNE,Certified Ethical Hacking, Center For Advanced Security Training in India, ceh v9 course in Pune-India,ceh certification in pune-India, ceh v9 training in Pune-India,Ethical Hacking Course in Pune-India