Short Bytes: According to reports, the primary motive of a cyber criminal revolves around stealing your money by compromising your banking details. To facilitate such actions, notorious hackers have created multiple trojans and released them in the wild. One such Android trojan, named Android.Bankosy, was already capable of stealing the OTPs sent through SMS and has now gained the capability to steal the passwords sent through calls.

The year 2015 saw an unparalleled increase in notorious financial trojans. These banking trojans evolve over time and target the security improvements made by financial institutions. One-time passwords, one such security measure for banking applications, are being intercepted by an Android malware named Android.Bankosy.

This banking trojan was already capable of stealing the two-factor authentication codes sent via SMS by cracking the security of 2FA systems. The malware intercepts the SMS messages and sends their content to the cyber criminals. As a result, 2FA systems were upgraded to let users receive one-time passwords via voice calls.

However, this Android trojan has recently graduated, gaining the capability to steal your OTPs by intercepting voice calls as well. Researchers from Symantec have outlined this increased risk in their recent blog post and explained how the malware works.

How Does the Android.Bankosy Trojan Steal OTPs?

[Image: how the Android.Bankosy trojan works | Symantec]

Even before receiving the update, this trojan was able to open a back door, collect system-specific information, and send it to the C&C server to get a unique code for each infected device. After registering successfully, the malware uses that unique code to talk to the C&C server and receive commands.

After the update, the trojan can now intercept 2FA codes by temporarily forwarding voice calls to the hacker’s phone number. The attacker can easily enable unconditional call forwarding using the *21*[DESTINATION NUMBER]# service code, which is commonly seen in some Asian countries.

The next obvious step is to reroute the victim’s phone and control the calls via the C&C server.
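As a defensive illustration of the call-forwarding step described above, the following added example (not code from Symantec or from this article) flags dialed strings that switch call forwarding on to a number. It assumes dialed strings or tel: URIs are available from device-management or sandbox telemetry; the function names and sample numbers are constructed, and the example goes beyond the article's *21* code to the other call-forwarding service codes defined in 3GPP TS 22.030.

```python
import re
from urllib.parse import unquote

# Call-forwarding service codes from 3GPP TS 22.030 (beyond the page's *21*).
FORWARDING_SERVICES = {
    "21": "unconditional",
    "67": "when busy",
    "61": "when unanswered",
    "62": "when unreachable",
    "002": "all forwarding",
    "004": "all conditional forwarding",
}
# Procedure prefixes: * activate, ** register, # deactivate, ## erase, *# query.
PROCEDURES = {"*": "activate", "**": "register", "#": "deactivate",
              "##": "erase", "*#": "interrogate"}

MMI = re.compile(r"^(\*\*|\*#|##|\*|#)(\d{2,3})(?:\*(\+?\d+))?(?:\*\d*)*#$")


def parse_forwarding_code(dialed):
    """Return a dict describing a call-forwarding MMI code, or None."""
    # Apps usually pass the code as a tel: URI with '#' encoded as %23.
    text = unquote(dialed.strip())
    if text.lower().startswith("tel:"):
        text = text[4:]
    text = re.sub(r"[\s\-()]", "", text)
    match = MMI.match(text)
    if not match or match.group(2) not in FORWARDING_SERVICES:
        return None
    prefix, service, number = match.groups()
    return {"action": PROCEDURES[prefix],
            "condition": FORWARDING_SERVICES[service],
            "destination": number}


def is_suspicious(dialed):
    """Flag codes that turn forwarding on to a number (activate/register)."""
    info = parse_forwarding_code(dialed)
    return bool(info and info["action"] in ("activate", "register")
                and info["destination"])


if __name__ == "__main__":
    # Constructed sample of dialed strings, e.g. from MDM or sandbox telemetry.
    samples = ["tel:*21*15555550100%23", "*#21#", "#21#", "+1 555 555 0123",
               "**67*15555550100#", "*#06#"]
    for s in samples:
        print(f"{s!r:30} suspicious={is_suspicious(s)} {parse_forwarding_code(s)}")
```

Dialing *#21# on the handset queries the current unconditional-forwarding status, which is why the example treats that code as benign.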

How To Protect Yourself From the Android.Bankosy Trojan?

To protect yourself against such banking trojans, follow these simple steps:

  • Regularly update your phone’s software to patch flaws
  • Don’t install apps from unknown sources
  • Pay close attention every time an app requests additional permissions
  • Make frequent backups of your data
  • Use a mobile security app to protect your device and data. Here is the best Android antivirus software, according to AV-Test.
