Scary Phone Virus Bypasses Two-Factor Authentication

If you don't have antivirus software on your phone, you are leaving yourself vulnerable

virus (Image: iStock/BrianAJackson )

 

Read any mobile phone advice about protection from viruses and other malware, and inevitably, two-factor authentication will be mentioned. Two-factor authentication is an extra security measure in which you set up another way to log into an app besides entering a password—typically you have to enter a code that the app texts via SMS.

Check Point Security—cybersecurity researchers and makers of cybersecurity software—just posted a blog about a nasty bit of malware that can infect even mobile devices set up with the two-factor additional security.

The malware is called “Swearing Trojan.” It intercepts SMS messages and replaces them with its own, which has a link to a malicious website that infects the device. Check Point reports this malware can also go through your contact list and make it seem as though a text is from someone you know. It can also send the infected link to people in your contacts’ list, spreading itself in the wild.

The Swearing Trojan virus swipes banking information including account usernames and passwords as well as other personal and sensitive information.

From Check Point’s blog, here are more ways this sneaky malware infects devices:

  • Impersonating work-related documents: A fake SMS message coming from a manager asks the user to download and open an important document right away and to reply to comments inside.
  • Through photos or videos: A fake SMS message claims to include a picture of a memorable event or of a cheating spouse.
  • Posing as trending events: A recent example is a MMS message including a video of a cheating celebrity wife caught in action.
  • Via app update notifications: An SMS message claims to be from a bank or telecom provider that asks the user to install critical updates.

The malware was limited to certain servers in China, but researchers are seeing it spread. The best defense against malware on mobile devices is the same as with computers—invest in antivirus and antimalware software such as Check Point and Avast.