One of the elements that has represented an obstacle for full-blown crypto adoption worldwide is the fear of scams and hacking activity. Sadly, malware developers are continually lurking around the digital universe, and holders of crypto assets have been suffering the effects and consequences of security breaches and cybercriminals’ activities for several years now.
The most recent development on that front comes from ESET, the cybersecurity firm known for developing the antivirus software NOD32. It reported in the past few hours that new, dangerous Android malware can avoid Google’s SMS permissions restrictions in order to intercept two-factor authentication (2FA) codes that people get via SMS.
Avoiding Google-Implemented Restrictions
According to the report, several malicious applications are able to access one-time passwords (OTPs) sent to people via SMS by dodging recently established Google restrictions. Cybercriminals are purportedly also using the approach to access email-based codes, a development that does not bode well for users’ overall security.
The apps mentioned in the report impersonate BtcTurk, a well-known crypto exchange from Turkey, and use phishing techniques to obtain people’s login details and take advantage of them.
As the report puts it, “instead of intercepting SMS messages to bypass 2FA protection on users’ accounts and transactions, these malicious apps take the OTP from notifications appearing on the compromised device’s display.”
Dismissing 2FA Notifications
Sadly, the dangers of the situation do not end there. Allegedly, the apps can also take measures to keep people from noticing the attack while it is performed. “Besides reading the 2FA notifications, the apps can also dismiss them to prevent victims from noticing fraudulent transactions happening.”
The first application that showed these capabilities was uploaded to the Google Play Store nearly two weeks ago, on June 7th, under the name BTCTurk Pro Beta, with the developer also listed as BTCTurk Pro Beta. More than 50 users downloaded and installed it before ESET reported the issue to Google. After this happened, two other versions of the malicious app appeared on the Google Play Store, only to be removed later.
Unfortunately, hackers and identity thieves are a common occurrence in cyberspace, and crypto exchanges are no exception. Besides the situation with BTCTurk, other platforms have reported similar developments this year, which has in turn increased concern among investors and the community in general.
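For defenders, the behaviour described above suggests a device check. The following is an added example, not code from ESET's report or this article: it assumes the apps obtain notification content through Android's notification access setting, and it parses the value that `adb shell settings get secure enabled_notification_listeners` returns to flag any package not on an expected list. The sample value, package names and allowlist are constructed placeholders.

```python
# Added example: audit which packages hold Android notification access.
# Assumption: RAW is the output of
#   adb shell settings get secure enabled_notification_listeners
# i.e. colon-separated "package/class" component names.
# Constructed sample; every package name is a placeholder.
RAW = (
    "com.example.smartwatch/com.example.smartwatch.NotifService:"
    "com.example.carlink/.ListenerService:"
    "com.example.exchange.beta/.SyncService"
)

# Hypothetical allowlist of apps the device owner expects to read notifications.
ALLOWED = {"com.example.smartwatch", "com.example.carlink"}


def parse_listeners(raw):
    """Split the setting value into (package, full class name) pairs."""
    value = (raw or "").strip()
    if value in ("", "null"):  # the setting is unset when no app has access
        return []
    pairs = []
    for component in value.split(":"):
        package, sep, cls = component.strip().partition("/")
        if not package or not sep:
            continue  # skip empty or malformed entries
        if cls.startswith("."):  # short form is relative to the package
            cls = package + cls
        pairs.append((package, cls))
    return pairs


def unexpected_listeners(raw, allowed):
    """Return listeners whose package is not on the allowlist."""
    return [(pkg, cls) for pkg, cls in parse_listeners(raw) if pkg not in allowed]


if __name__ == "__main__":
    for pkg, cls in unexpected_listeners(RAW, ALLOWED):
        print(f"review notification access: {pkg} ({cls})")
```

Any package flagged here can both read and dismiss notifications from other apps, so an unfamiliar entry deserves review before the next OTP arrives.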
Other Known and Recent Cases
For example, peer-to-peer (P2P) crypto exchange BitMEX also made the news earlier in June, as it reported an increasing influx of attacks on people’s accounts and login credentials. In fact, BitMEX issued a statement stressing to users the huge importance of implementing proper security mechanisms.
Researchers in the cybersecurity industry also found, in recent days, a website that was spreading a Trojan. The modus operandi involved hackers deceiving users into thinking they were accessing Cryptohopper, a page for programming tools for automated crypto trading.
By Andres Chavez