Loading...

Internet security firm ESET exposes fake apps bypassing Google’s message restrictions

fraud sa bitcoin scam

Contents

Share link:

TL;DR

Analysts from the security firm ESET uncovered that fraudulent crypto apps have been employing a method to bypass authentication mechanisms on Google.

Google had recently imposed restrictions on SMS and calling for Android apps to prevent illicit firms from exploiting them.

The said apps, named BTCTurk Pro Beta, BtcTurk Pro Beta and BTCTURK PRO had created impressions of a legitimate Turkish crypto firm – BtcTurk – to gain access to the services.

Once the fraudulent versions of the BtcTurk apps are downloaded by a user, they ask for notification access from the user. Upon doing this, the apps can them peruse notifications from other apps on the user’s device and exploit them for their own financial gain.

“One of the positive effects of Google’s restrictions from March 2019 was that credential-stealing apps lost the option to abuse these permissions for bypassing SMS-based 2FA mechanisms. However, with the discovery of these fake apps, we have now seen the first malware sidestepping this SMS permission restriction,” said Lukáš Štefanko, a researcher from ESET.

The notification feature was implemented recently in the Jelly Bean 4.3 version of Android, which signifies that almost all current Android devices could fall prey to the scam’s methods of intrusion. The fraudulent BtcTurk apps could operate on a vast majority of Android devices of the day.

Despite this, the fake apps’ preferred technique of intrusion does come with its setbacks: The scam’s operators can only gain access to content that fits the text field.

This means that all text will not be included in the OTP. Messages that are shorter and more concise will likely be left out of the notification message.

Share link:

Siranjeev Santhanam

Siranjeev has been involved in content development and professional writing for over five years now. He's worked with tech firms, digital management companies and news outlets. Cryptocurrency has occupied one of his top interests for a few years now, and he's really passionate about this booming new sector.

Most read

Loading Most Read articles...

Stay on top of crypto news, get daily updates in your inbox

Related News

Cyber Heist of Over $145 Million in Ether Laundered Following Heco Bridge Exploit
Cryptopolitan
Subscribe to CryptoPolitan