ESET reports that malicious applications have appeared in the Google Play Store that seek to gain access to one-time passwords to bypass two-factor authentication.
ESET experts have established that the malware is disguised as a legal BtcTurk cryptocurrency exchange. In particular, malware named BTCTurk Pro Beta, BtcTurk Pro Beta, and BTCTURK PRO was detected.
After downloading and installing one of these applications, the user is asked to access notifications. Next, a window appears for entering credentials into the BtcTurk system.
Entering authentication data ends with the victim receiving an error message. In this case, the provided information and pop-up notifications with an authentication code are sent to a remote server of cybercriminals.
ESET notes that the detection of malicious applications with such functions is the first known case since the introduction of restrictions on access of Android applications to the call log and SMS.
Fake cryptocurrency apps have been uploaded to Google Play this month. Currently, the detected programs have been removed, but attackers can download malicious applications with the described functions under other names on Google Play.
Source: 3dnews.ru