This dangerous Android malware skips two-step verification

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email
Share on whatsapp

Two-step verification Google

Two-step verification It is a method to log in safely to your apps or web pages, about which we have spoken on several occasions. Millions of Android users in Spain use this method in some of their accounts, as it is seen as the safest method. Although a malware has been discovered that also manages to bypass security on this system.

Check Point has published a security investigation conducted, where such malware has been discovered on Android. A group of Iranian hackers used a series of tools with which to have access to the victims’ devices, even skipping said two-step verification.

A malware that skips two-step verification

The volume button on your Android unlocks your Google account

Among the tools that have been discovered used by this group, there is one that allows you to bypass the 2FA method. In this case, it is a malware that has been designed to create a backdoor on Android devices. By entering the same on phones, hackers have access to the list of contacts or messages (both sent and received), as well as recordings made with the microphone or open fake web pages.

By having such control over the device, two-step verification can be skipped. Since this system usually sends an SMS to the user when logging into an account and has to confirm the code that has been sent by SMS, in order to have access to the account. This code is sent to a phone number listed above. What these hackers did was detect and forward these SMS messages at all times.

Also, they opened a fake website making the user believe that it is a real website, so that they can obtain the user’s credentials, without the user knowing what is happening. Despite the fact that it was a group of Iranian hackers, the malware has been discovered in an app in Sweden, intended for Persian speakers to learn the driving rules in Sweden, as the process of obtaining a driving license.

Malicious apps

It is not known how many affected there are, but it seems to be somewhat limited. Although it shows that the Two-step verification can also run some dangers. Although it is currently the safest and most reliable method when logging into your accounts, so it is still recommended to use it.

The entry This dangerous malware for Android bypasses the two-step verification appears first in The Free Android.