Android Malware Found In Cryptocurrency Apps Can Bypass 2FA

Android users face a serious new threat: researchers have recently spotted a new type of malware hidden in the Google Play Store that can potentially defeat the two-factor authentication (2FA) protection layer added on top of your passwords.

The revelation was first made by researcher Lukas Stefanko in his report for ESET Security. According to him, the theft happens through malicious apps that use SMS or email without your knowledge to break into your phone. The identified apps can read a notification on the victim’s phone and immediately hide it, so that the person owning the phone knows nothing about what happened.

There are currently two apps on the app store with similar capabilities, and both impersonate a Turkish cryptocurrency exchange. One is named “BTCTurk Pro Beta” and is available from two different vendors; the other is called “BTCTURK PRO” and seems to be an exact copy of the former. Apart from that, “Koineks” has been making the rounds lately for performing the same hack; however, it lacks the functionality to dismiss the notification.


The first two malicious apps as they appeared on Google Play Store

The one thing these apps have in common is that they ask users for “notification access”, which looks like a benign request. Once given the access, these apps can see the content of notifications belonging to any other app on the device, dismiss them right away, or even automatically click on any links within these notifications.
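A defender can check which apps currently hold this permission. The following is an added example, not code from the ESET report or this article: it parses the value printed by `adb shell settings get secure enabled_notification_listeners` and lists packages that are not on a reviewed allowlist. The sample value, package names and allowlist are constructed for illustration.

```python
# Added example: audit which packages hold Android notification access.
# Input is the colon-separated value printed by:
#   adb shell settings get secure enabled_notification_listeners

def parse_listeners(raw):
    """Return {package: [listener service classes]} from the setting value."""
    listeners = {}
    value = raw.strip()
    if value in ("", "null"):          # setting unset: no app has access
        return listeners
    for component in value.split(":"):
        component = component.strip()
        if "/" not in component:
            continue                    # skip malformed entries
        package, cls = component.split("/", 1)
        if cls.startswith("."):         # short form: class relative to package
            cls = package + cls
        listeners.setdefault(package, []).append(cls)
    return listeners


def unexpected_listeners(raw, allowlist):
    """Packages with notification access that are not in the reviewed allowlist."""
    return sorted(p for p in parse_listeners(raw) if p not in allowlist)


# Constructed sample value; every package name here is made up for illustration.
SAMPLE = (
    "com.example.wearcompanion/com.example.wearcompanion.NotifService:"
    "com.example.launcher/.BadgeListener:"
    "com.example.exchange.beta/com.example.exchange.beta.Listener"
)

# Hypothetical allowlist: apps the device owner knowingly granted access to.
ALLOWLIST = {"com.example.wearcompanion", "com.example.launcher"}

if __name__ == "__main__":
    for pkg in unexpected_listeners(SAMPLE, ALLOWLIST):
        services = ", ".join(parse_listeners(SAMPLE)[pkg])
        print(f"review notification access: {pkg} ({services})")
```

Any package the script reports can be reviewed and revoked on the device under the notification access settings.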

The main apps welcome you with a login page, and entering the requested information promises to direct you to the BtcTurk platform. But that is where the trap begins, as the phishing form sends the login credentials to the hackers’ server.

Overall, this seems to be a clever response to Google’s strict policy change related to the SMS and Call Log permissions back in March, which also caused a lot of irritation for legitimate apps like ESET’s Mobile Security Solution. That being said, you can protect yourself from such malware by downloading cryptocurrency apps only from the official website of the service. For better alternatives, you can also try a mobile security solution, or keep the apps and your Android phone up to date at all times.
