{"id":5291,"date":"2016-03-15T16:25:34","date_gmt":"2016-03-15T16:25:34","guid":{"rendered":"https:\/\/kasperskydaily.com\/b2b\/?p=5291"},"modified":"2024-09-27T03:14:55","modified_gmt":"2024-09-27T07:14:55","slug":"how-the-banking-trojans-circumvent-two-factor-authentication","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/how-the-banking-trojans-circumvent-two-factor-authentication\/5291\/","title":{"rendered":"How the banking Trojans circumvent two-factor authentication"},"content":{"rendered":"<p>Two-factor authentication involving SMS has been used by most banks for quite some time. This is better than nothing, of course, but it\u2019s not unbeatable: about ten years ago, when this protective measure started gaining popularity, researchers <a href=\"https:\/\/www.schneier.com\/blog\/archives\/2005\/03\/the_failure_of.html\" target=\"_blank\" rel=\"noopener nofollow\">warned<\/a> that it can be surmounted with relative ease.<\/p>\n<p>Unfortunately, banking Trojan writers soon mastered the techniques to circumvent the one-time passwords delivered via SMS. Here\u2019s how it works with modern banking Trojans:<\/p>\n<ol>\n<li>A user launches a legitimate banking app on their device.<\/li>\n<li>The Trojan identifies the app and overlays the app\u2019s UI with its own, faking the screen. 
The fake app looks as similar to the genuine one as possible.<\/li>\n<li>The user enters their login and password into the fake app\u2019s form.<\/li>\n<li>The Trojan sends these credentials to the criminals \u2013 now they can use them to log in to the banking app.<\/li>\n<li>The criminals initiate a transaction to their own account.<\/li>\n<li>The user\u2019s smartphone receives an SMS with a one-time password.<\/li>\n<li>The Trojan intercepts this SMS and sends it over to the malefactors.<\/li>\n<li>At the same time, this SMS is concealed from the targeted user, so they don\u2019t see it or suspect anything.<\/li>\n<li>Using the intercepted one-time password, the criminals confirm the transaction and receive the money.<\/li>\n<\/ol>\n<p>It wouldn\u2019t be much of an exaggeration to state that all modern mobile Trojans are capable of circumventing two-factor authentication using this scenario. Their authors don\u2019t have much choice: almost every bank employs this protective measure, so the money can\u2019t be stolen unless this measure is defeated.<\/p>\n<p>There are more of these malicious applications than one may think. 
In just the last month and a half, our experts published three reports on various banking Trojan families, each one as bad as the others.<\/p>\n<p><a href=\"https:\/\/www.kaspersky.com\/blog\/asacub-trojan\/11108\/\" target=\"_blank\" rel=\"noopener nofollow\">Asacub<\/a> \u2013 a spying Trojan which learned to steal from banking apps too.<\/p>\n<p><a href=\"https:\/\/business.kaspersky.com\/acecard-trojan-many-headed-and-extremely-dangerous\/5214\/\" target=\"_blank\" rel=\"noopener nofollow\">Acecard<\/a> \u2013 a feature-packed Trojan capable of overlaying apps from some 30 banks with its phishing screens. This trend has been picked up by other malware as well: whereas banking Trojans initially targeted just one specific bank or payment system, many of them can now target several at once.<\/p>\n<p><a href=\"https:\/\/securelist.com\/blog\/research\/74051\/first-step-in-cross-platform-trojan-bankers-from-brazil-done\/\" target=\"_blank\" rel=\"noopener\">Banloader<\/a> \u2013 a cross-platform Brazilian Trojan capable of running on both PCs and mobile devices.<\/p>\n<p>It is very naive to hope that two-factor authentication via SMS will protect against banking Trojans. For many years it\u2019s been no match for them, and the situation isn\u2019t going to improve. 
So additional measures are necessary.<\/p>\n<p>The problem is further aggravated by the fact that Trojans steal money via end users\u2019 devices, but it is the banks that are the actual victims, since they later have to investigate every incident, reimburse the losses, and restore their damaged reputation.<\/p>\n<p>Yes, most of the Trojans can be stopped with anti-malware solutions, but it\u2019s an unrealistic task to persuade thousands of users to install such solutions. Banks have a good reason to take their clients\u2019 protection into their own hands \u2013 for instance, by using the <a href=\"https:\/\/www.kaspersky.com\/enterprise-security\/fraud-prevention\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Fraud Prevention<\/a> suite.<\/p>\n<p>Its SDK arms the bank\u2019s own mobile app with technologies capable of detecting the Trojans\u2019 presence and successfully prevents criminals from accessing the bank account.<\/p>\n<p>The platform uses Clientless Engine, a server-side solution that is installed on the financial organization\u2019s side and protects online access to the customers\u2019 accounts regardless of which devices are used for this.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Two-factor authentication involving SMS, while used by most banks for quite some time, is not 
unbeatable.<\/p>\n","protected":false},"author":421,"featured_media":15444,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3052],"tags":[1218,2399,723],"class_list":{"0":"post-5291","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-2fa","10":"tag-mobilesecurity","11":"tag-trojans"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/how-the-banking-trojans-circumvent-two-factor-authentication\/5291\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/how-the-banking-trojans-circumvent-two-factor-authentication\/5291\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/how-the-banking-trojans-circumvent-two-factor-authentication\/5291\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/mobilesecurity\/","name":"mobilesecurity"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/5291","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/421"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=5291"}],"version-history":[{"count":7,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/5291\/revisions"}],"predecessor-version":[{"id":52244,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/5291\/revisions\/52244"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/15444"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=5291"}
],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=5291"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=5291"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}