Two-factor authentication via SMS is widely used by banks. Of course, this measure works better than a mere password but it’s not impenetrable.
Infection rates of banking Trojans continue to run high, despite the best efforts of financial institutions and security companies to keep this type of malware in check.
Security specialists found it could be fooled 10 years ago, just when this type of protection was gaining popularity. Sadly, so have malware creators. That’s why banking Trojan developers are able to breach one-time SMS passwords with ease. Here is how it works:
It’s hardly an exaggeration if we say that any <strong>every</strong> modern banking Trojan knows how to fool SMS-based two-factor authentication systems. In fact malware creators have no other choice: as all banks turn to this protective measure, Trojans need to adapt.
There are a lot of malicious apps that are able to do it, more than you might think, in fact. During last couple of months alone our experts have posted detailed reports devoted to three different malware families:
So you see, whilst it’s a strong addition to your normal security, if you have malware on your phone or PC, there’s a good chance that it won’t protect your details. A good basic rule that helps is to install apps only from official stores, however even that’s not 100% certain as some malware made it into the official Play Store and even Apple’s App Store. This is why the most reliable solution is to install a good mobile antivirus.