Report: Android Phishing Malware Impersonates Turkish Cryptocurrency Exchange

Published at: June 17, 2019

ESET, the cybersecurity company behind the NOD32 antivirus software, reported on June 17 that new Android malware sidesteps Google’s SMS permissions restrictions to get hold of two-factor authentication (2FA) codes received via SMS.

Per the report, some malicious apps can access one-time passwords (OTPs) sent to users via SMS by circumventing the restrictions recently implemented by Google. The same technique reportedly also allows access to email-based codes.

According to the author, the apps in question impersonate Turkish cryptocurrency exchange BtcTurk and phish for login details to the service. The report states that “instead of intercepting SMS messages to bypass 2FA protection on users’ accounts and transactions, these malicious apps take the OTP from notifications appearing on the compromised device’s display.” The apps also take measures to prevent the user from noticing the ongoing attack:

“Besides reading the 2FA notifications, the apps can also dismiss them to prevent victims from noticing fraudulent transactions happening.”
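A defender-side check for the behaviour described above, added here as an illustration and not taken from the ESET report or this article: third-party Android apps normally read and dismiss other apps' notifications through user-granted notification access, and the components holding that access are recorded in the secure setting `enabled_notification_listeners`. The sketch flags listener packages outside an expected set; the sample value, package names and allowlist are constructed.

```shell
#!/bin/sh
# Flag apps that hold notification access but are not on an expected list.
# On a real device, obtain the value with:
#   adb shell settings get secure enabled_notification_listeners
# The value is a colon-separated list of "package/class" component names.

# Constructed sample value (not from a real device).
SAMPLE_LISTENERS='com.google.android.projection.gearhead/.notification.Listener:com.example.exchange.beta/com.example.exchange.beta.NotifService:com.example.launcher/.BadgeListener:com.example.exchange.beta/.SecondListener'

# Packages the device owner expects to have notification access (constructed).
ALLOWLIST='com.google.android.projection.gearhead com.example.launcher'

# unexpected_listeners LISTENERS ALLOWLIST
# Prints, one per line and de-duplicated, every package that has a
# notification listener enabled but is absent from the allowlist.
# The body runs in a subshell so its variables stay local.
unexpected_listeners() (
    listeners=$1
    allow=$2
    # "settings get" prints the literal string "null" when the key is unset.
    if [ "$listeners" = "null" ]; then
        listeners=''
    fi
    printf '%s\n' "$listeners" | tr ':' '\n' | while IFS= read -r entry; do
        pkg=${entry%%/*}            # keep the package part before the "/"
        [ -n "$pkg" ] || continue   # skip empty fields
        case " $allow " in
            *" $pkg "*) ;;          # expected listener, ignore
            *) printf '%s\n' "$pkg" ;;
        esac
    done | sort -u
)

# Report for the constructed sample.
unexpected_listeners "$SAMPLE_LISTENERS" "$ALLOWLIST"
```

Any package reported here can see and dismiss every notification on the device, including OTP messages, so it should be reviewed under the device's notification access settings.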

The first such app was uploaded to Google’s Play Store on June 7 under the name BTCTurk Pro Beta by developer account BTCTurk Pro Beta, and had been installed by over 50 users before ESET allegedly reported it to Google. After this first instance, two more versions of the app were uploaded and subsequently removed from the store.

As Cointelegraph reported earlier this month, peer-to-peer (P2P) cryptocurrency exchange BitMEX has reported an influx of attacks on user account credentials. In a message to clients, the exchange stressed the importance of proper security measures.

Also in June, cyber security researchers found a Trojan-spreading website masquerading as that of Cryptohopper, a site where users can program tools for automated cryptocurrency trading.
