Android malware steals one-time passcodes

One-time passcodes, a crucial defense for online banking applications, are being intercepted by a malware program for Android, according to new research from Symantec.

The malware, called Android.Bankosy, has been updated to intercept the codes, which are part of so-called two-factor authentication systems.

Many online banking applications require a login and password plus a time-sensitive code in order to gain access. The one-time passcode is sent over SMS but also can be delivered via an automated phone call.

Some banks have moved to call-based delivery of passcodes. In theory, that provides better security since SMS messages can be intercepted by some malware, wrote Dinesh Venkatesan of Symantec in a blog post on Tuesday.

To read this article in full or to leave a comment, please click here

Read more: Android malware steals one-time passcodes

Story added 13. January 2016, content source with full text you can find at link above.