Wednesday, June 3, 07:11
Google: Hackers bypass 2FA Authentication security!

When Google restricted the use of SMS and Call Log permissions in Android applications in March 2019, one of the positive results was that credential-stealing apps lost the option to abuse these permissions to bypass two-factor authentication (2FA).

Unfortunately, however, malicious apps have recently been found that can access one-time passwords (OTPs) in SMS 2FA messages without using SMS permissions, bypassing Google's recent restrictions. As a bonus, this technique also works to acquire OTPs from some 2FA systems.


The applications impersonate the Turkish cryptocurrency exchange BtcTurk and use phishing to steal login credentials for the service. The malicious applications obtain the OTP from the notifications displayed on the victim's screen. In addition to reading 2FA notifications, the apps can also hide them to prevent victims from noticing the attack.
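A defender-side check for the notification-reading behaviour described above, as an added example that is not part of the original article. It assumes the apps rely on Android's notification access (a notification listener service), which the article does not name; the allowlist and all package names are hypothetical, and the sample string is constructed in the format printed by `adb shell settings get secure enabled_notification_listeners`.

```python
"""Flag Android packages holding notification access that are not expected to."""

# Assumption: packages this fleet expects to hold notification access (hypothetical).
ALLOWLIST = {"com.example.launcher", "com.example.corp.mdm"}

# Constructed sample, not from a real device or from the article: a
# colon-separated list of flattened component names (package/class).
SAMPLE = (
    "com.example.launcher/.NotificationBadges:"
    "com.example.corp.mdm/com.example.corp.mdm.NotifService:"
    "com.example.exchange.probeta/.Svc"
)


def parse_listeners(raw):
    """Return (package, class) pairs from the setting value."""
    raw = raw.strip()
    if raw in ("", "null"):  # "null" is printed when the setting is unset
        return []
    pairs = []
    for entry in raw.split(":"):
        entry = entry.strip()
        if not entry:
            continue
        pkg, sep, cls = entry.partition("/")
        if not sep or not pkg:
            # Malformed entry: keep it so it gets reviewed, not silently dropped.
            pairs.append((entry, ""))
            continue
        if cls.startswith("."):  # short form is relative to the package name
            cls = pkg + cls
        pairs.append((pkg, cls))
    return pairs


def unexpected_listeners(raw, allowlist=ALLOWLIST):
    """Packages with notification access that are not on the allowlist."""
    return sorted({pkg for pkg, _ in parse_listeners(raw) if pkg not in allowlist})


if __name__ == "__main__":
    for pkg in unexpected_listeners(SAMPLE):
        print("review notification access:", pkg)
```

Any package it reports can read, and dismiss, notifications from other apps, including those carrying OTPs, so it deserves a manual review.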

The malware, all forms of which are detected by ESET products, is the first to bypass the new SMS permission restrictions.

The first of the malicious applications detected was uploaded to Google Play on 7 June 2019 as "BTCTurk Pro Beta" under the developer name "BTCTurk Pro Beta". It was installed by more than 50 users before being reported by ESET to Google security teams. BtcTurk is a Turkish cryptocurrency exchange. Its official mobile app is linked to the exchange site and is only available to users in Turkey.

The second application was uploaded on 11 June 2019 as "BtcTurk Pro Beta" under the developer name "BtSoft". Although the two applications use a very similar guise, they appear to be the work of several attackers. The application was reported on 12 June 2019, when it had been installed by fewer than 50 users.

After this second application was removed, the same intruders uploaded another application with the same functionality, this time under the name "BTCTURK PRO" and using the same developer name, icon and screenshots. This application was reported on 13 June 2019.
