Trusted

New Android 2FA Exploit Discovered, Wave of New Apps Targets Cryptocurrency Users

2 mins
Updated by Adam James
Join our Trading Community on Telegram
Nearly 75% of all mobile devices active today use some version of the Android operating system. Similarly, the great majority of users use their devices for managing their finances, making them a prime target for malware creators.
With so many devices running the operating system, it is clear that any vulnerability involving Android systems must be addressed as soon as possible, since the safety and personal data of potentially billions of users is at risk.

Google Android

Circumventing Google Restrictions

One such potentially devastating vulnerability was recently discovered by ESET, the IT security company behind the famous ESET NOD32 antivirus. The new vulnerability reportedly allows malicious code to extract incoming 2FA and OTP information, which could then be used to compromise the associated account. Back in March 2019, Google placed a restriction on Android apps, preventing most from seeking permission to access SMS and call log information on phones. According to Google, this information is considered, and hence should only be used by apps that require this information for their core functionality, such as phone and SMS handlers, in addition to digital assistants. By restricting which apps on Android are able to request and access such information, Google essentially laid the hammer down on many data mining and credential leaking apps. The newly discovered vulnerability bypasses this restriction by allowing apps to read incoming notification messages. These notification messages often contain OTP and 2FA codes which can then be retrieved by the malware and broadcast to an external server.

bitcoin payments

Cryptocurrency Users on Android Targeted First

The first malicious app analyzed by the ESET analysis team is a copycat version of the official BTCTurk app — a Turkish Bitcoin exchange platform. The malicious app, named “BTCTurk Pro Beta” used the novel 2FA bypass technique to steal 2FA codes, while a fake login screen was used to capture the users BTCTurk login credentials. Both the 2FA codes and login credentials were then sent to the attacker’s server. Initially, suspicions were raised about the counterfeit BTCTurk app when Android users began noticing that the fake app was available worldwide, whereas the original app is restricted to Turkish Android users.  Typically, most vulnerabilities that involve crypto users are exposed pretty quickly. For instance, a vulnerability involving a recent batch of Yubikey authentication devices was quickly recognized and rectified by the manufacturer, preventing any loss of funds. Despite not being developed specifically for cryptocurrency users, the Yubikey authentication keys find extensive use as a FIDO U2F stick, most commonly used by cryptocurrency traders. With many cryptocurrency users often storing substantial sums in their mobile wallets and thanks to the pseudo-anonymity of most cryptocurrencies, there is little wonder why cryptocurrency users are often the first to be targeted by new exploits. Do you think Google needs to do more to prevent counterfeit and data-mining apps from entering the Play Store on Android devices? Let us know your thoughts in the comments!
Top crypto projects in the US | November 2024
Coinbase Coinbase Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
3Commas 3Commas Explore
Chain GPT Chain GPT Explore
Top crypto projects in the US | November 2024
Coinbase Coinbase Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
3Commas 3Commas Explore
Chain GPT Chain GPT Explore
Top crypto projects in the US | November 2024

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

Daniel_userpic_basic.jpg
Daniel Phillips
After obtaining a Masters degree in Regenerative Medicine, Daniel pivoted to the frontier field of blockchain technology, where he began to absorb anything and everything he could on the subject. Daniel has been bullish on Bitcoin since before it was cool, and continues to be so despite any evidence to the contrary. Nowadays, Daniel works in the blockchain space full time, as both a copywriter and blockchain marketer.
READ FULL BIO
Sponsored
Sponsored