Android.Bankosy malware isn’t new. It was discovered a year and a half ago. But it does have a new trick.
The latest version targets Android devices, specifically mobile phones, to try and intercept voice-delivered, one-time passcodes for two-factor authentication. It utilizes call forwarding to redirect all traffic to another phone.
“Once the malware is placed on a user’s device, often through the download of an app that has the malware attached or through a targeted phishing attack, it opens a back door to the device that allows the fraudster to initiate various commands including call forwarding,” says Mark Kanok, Senior Director of Product Management at TeleSign, a mobile identity solutions company. “When this type of malware is used effectively, a fraudster can complete large money transfers out of a user’s bank account or hack into their email account which gives them access to untold amounts of personally identifiable data.”
Consumers can help protect themselves by reviewing apps before downloading, then reviewing the permissions from downloads before accepting them.
“This type of malware is most commonly delivered through malicious apps that masquerade as seemingly innocent tools, such as the many flashlight apps that have been found to contain lots of malware,” Kanok says. “If an app is asking for permission to use something that doesn’t make sense to you, there is a strong chance it could be malicious. Businesses can protect their users from attacks like Android.Bankosy by easily establishing a trusted link between themselves and the customer leveraging the user phone number.”
TeleSign’s Voice Verify with Call Forward Detection helps users beat Android.Bankosy by knowing when a phone number is being forwarded unconditionally – a big red flag. Businesses can then decide whether to launch a different form of authentication to protect their users.