The crypto community just can’t seem to catch a break, as 2019 brings one security breach after another to the cryptoverse. It is Android users specifically who should be on guard right now, as the cybersecurity company ESET has reported a new Android malware. In order to phish for login credentials, the malicious apps impersonate the Turkish cryptocurrency exchange BtcTurk.
ESET, which is known as the mastermind behind the major antivirus software NOD32, revealed on June 17 that the malware sidesteps Google’s SMS permissions restrictions in order to acquire the two-factor authentication (2FA) codes received through SMS.
The report reveals that there are certain malicious applications capable of gaining access to the one-time passwords, which are sent to users for verification purposes via SMS. The apps achieve this goal by bypassing the restrictions implemented by the search engine giant, Google. In addition to that, the very same technique can be applied when it comes to accessing email-based codes.
The report explains that the malware reads the OTP out of the SMS notifications that appear on the compromised device’s display, rather than reading the SMS messages themselves.
Aside from reading the 2FA notifications, the malware-laden apps can also dismiss them, so that victims do not notice the fraudulent transactions being made from their accounts.
Moreover, several malicious apps have posed as BtcTurk to prey on unsuspecting victims. As per the report, the first malicious app was uploaded to Google Play on June 7, dubbed “BTCTurk Pro Beta” under the developer name “BTCTurk Pro Beta”. Unfortunately, the app had already been installed by more than 50 users before ESET could report it to Google’s security team.
Then came the second app, which, per the report, was uploaded on June 11 and was referred to as “BtcTurk Pro Beta” under the developer name “BtSoft”. Luckily, this time the malicious app was reported well before 50 people could install it. The second app, despite bearing similarity to its predecessor, was the work of different attackers. It was likewise removed from the Google Play Store.
After the removal of the second malicious app, the same attackers purportedly uploaded yet another app with identical functionality. This time it was named “BTCTURK PRO”, but it had the same developer name, icon and even screenshots.
“Crypto exchange impersonating malware” seem to fancy Turkish exchanges as BtcTurk isn’t the only exchange to have been victimized by such malicious apps. In fact, just last week ESET analyzed yet another malicious app impersonating the cryptocurrency exchange Koineks that also happens to be Turkish.
The fake Koineks app leverages the same technique as the BtcTurk impersonators, bypassing SMS-based and email-based two-factor authentication. The only difference is that this malware cannot dismiss and silence notifications.
Under such circumstances, it is imperative for the crypto community to stay vigilant and uninstall any software that even remotely matches the aforementioned criteria. Users should check their accounts frequently, keep an eye out for any suspicious activity, and change their passwords.
ESET had warned the crypto community about the impending malware last month, when the price of bitcoin surged. The cyber security company has also laid down some safety precautions for this Android malware situation, including:
- Only trust cryptocurrency-related and other finance apps if they are linked from the official website of the service
- Whenever possible, use software-based or hardware token one-time password (OTP) generators instead of SMS or email
- Only use apps you consider trustworthy, and even then: only allow Notification access to those that have a legitimate reason for requesting it
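The third precaution is the one a defender can actually audit: Android records every app granted Notification access in the secure setting `enabled_notification_listeners`. The following is an added example (not code from ESET or the article) that parses that setting and flags any package outside an allowlist; the allowlist, the sample value and the package names in it are constructed placeholders.

```python
"""Audit which Android apps hold Notification access.

Notification access is what lets a listener service read (and dismiss) the
SMS/email 2FA notifications described above, so any unexpected grant deserves
a look. The setting's value looks like 'pkg/Service:pkg/Service', or 'null'
when no app has been granted access.
"""
import subprocess

# Assumed allowlist: packages the device owner knowingly granted access to.
ALLOWLIST = {"com.example.smartwatch"}

# Constructed sample mimicking the output of:
#   adb shell settings get secure enabled_notification_listeners
SAMPLE = ("com.example.smartwatch/com.example.smartwatch.WatchListener:"
          "com.placeholder.unknownapp/.NotifService")


def parse_listeners(raw):
    """Split the setting into (package, fully qualified service) pairs."""
    raw = raw.strip()
    if not raw or raw == "null":
        return []
    pairs = []
    for component in raw.split(":"):
        pkg, _, svc = component.partition("/")
        # A relative class name such as '.NotifService' resolves against the package.
        if svc.startswith("."):
            svc = pkg + svc
        pairs.append((pkg, svc))
    return pairs


def unexpected_listeners(raw, allowlist=ALLOWLIST):
    """Return packages with Notification access that are not on the allowlist."""
    return [pkg for pkg, _ in parse_listeners(raw) if pkg not in allowlist]


def read_from_device():
    """Query a connected device over adb (needs adb on PATH and USB debugging)."""
    out = subprocess.run(
        ["adb", "shell", "settings", "get", "secure", "enabled_notification_listeners"],
        capture_output=True, text=True, check=True)
    return out.stdout


if __name__ == "__main__":
    for pkg in unexpected_listeners(SAMPLE):
        print(f"Unexpected Notification access: {pkg} (review in Settings > Notification access)")
```

Replace `SAMPLE` with `read_from_device()` to run the check against a real handset; anything flagged should be revoked or uninstalled unless it has a legitimate reason for the permission.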
The bitcoin price surge was definitely a moment of joy for the crypto community; however, it also seems to have opened Pandora’s box for security breaches. Only earlier this month, the peer-to-peer (P2P) cryptocurrency exchange BitMEX reported an influx of attacks specifically targeting users’ account details.
The importance of security measures cannot be stressed enough. In the case of BitMEX, the compromised accounts mostly belonged to users with weak or reused passwords, which is sloppy security practice and makes 2FA, together with constant vigilance, all the more important.