Spawn Of TrickBot Trojan Bypasses 2FA
By: Jim Stickley and Tina Davis
April 10, 2021
Two-factor authentication (2FA) has become a friend of banking security everywhere, especially for mobile users. A recent IBM X-Force report, however, finds that victims of TrickMo, a TrickBot variant, are being lulled into a false sense of security after Android users download a "security app" supposedly recommended by their bank. IBM first observed this mobile malware in Germany, perhaps as a proving ground before wider distribution; the infamous TrickBot banking Trojan, first discovered in 2016, was likewise active in Germany before spreading to other countries. It was only a matter of time before TrickBot, and now TrickMo, reached the U.S. and the rest of the world.
Circumventing 2FA is a blow to mobile banking authentication. A friend to online banking fans everywhere, 2FA supplies a one-time code needed to confirm the account holder's identity at log-in or when approving a transaction. TrickMo's distribution relies on TrickBot already being present on the victim's computer: according to IBM, TrickBot's web-injection feature alters the bank's page in the victim's browser to ask for a phone number and the type of mobile device. A text message that appears to come from the bank then follows, strongly suggesting the victim download the bank's "security app" to protect the phone while banking.
Once the bogus app is installed, TrickMo gets to work. IBM reports the malware collects device information, can lock the screen, intercepts SMS and push messages, steals one-time transaction authentication numbers (TANs) meant for other apps, and exfiltrates pictures stored on the device. Verification codes intended for the account owner are relayed to the attacker instead, giving easy access to the victim's account and money. The damage is done with the user none the wiser: the attackers operate remotely and read the 2FA codes before the user sees them. After quietly working through accounts and devices, TrickMo can self-destruct and remove its own traces.
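The behaviours above map onto Android permissions an app must declare, which is the first thing a practitioner checks when a "bank-recommended security app" lands on a device. As an added illustration (not code from the article or from the IBM report), the following Python parses an AndroidManifest.xml and flags the combination TrickMo is reported to use: SMS access together with notification reading, device-admin locking, or storage access. Both manifests are constructed samples written for this example, not real TrickMo artefacts, and the scoring rule is a heuristic of our own.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
ATTR_NAME = "{%s}name" % ANDROID_NS
ATTR_PERMISSION = "{%s}permission" % ANDROID_NS

# Behaviour the article attributes to TrickMo -> permissions needed to do it.
# Heuristic mapping written for this example.
CAPABILITIES = {
    "intercept SMS": {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"},
    "read push notifications": {"android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"},
    "lock the device": {"android.permission.BIND_DEVICE_ADMIN"},
    "read stored pictures": {"android.permission.READ_EXTERNAL_STORAGE"},
    "send data to a server": {"android.permission.INTERNET"},
}

# Any of these alongside SMS interception is a red flag for a "security app".
HIGH_RISK_COMBO = {"read push notifications", "lock the device", "read stored pictures"}


def declared_permissions(manifest_xml):
    """Collect permissions from <uses-permission> and from the android:permission
    attribute on <service>/<receiver>, which is where notification listeners and
    device-admin receivers are declared."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for node in root.iter("uses-permission"):
        if node.get(ATTR_NAME):
            perms.add(node.get(ATTR_NAME))
    for tag in ("service", "receiver"):
        for node in root.iter(tag):
            if node.get(ATTR_PERMISSION):
                perms.add(node.get(ATTR_PERMISSION))
    return perms


def capabilities(perms):
    """Names of the behaviours the declared permission set enables."""
    return sorted(cap for cap, needed in CAPABILITIES.items() if perms & needed)


def triage(manifest_xml):
    """Return (risk_level, capabilities). 'high' when the app can read SMS and
    also do one of the other things TrickMo is reported to do."""
    caps = capabilities(declared_permissions(manifest_xml))
    if "intercept SMS" in caps and HIGH_RISK_COMBO & set(caps):
        return "high", caps
    if "intercept SMS" in caps:
        return "medium", caps
    return "low", caps


# Constructed sample manifests (not real artefacts).
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.bank">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""

SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakesecurity">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <application>
    <service android:name=".Listener"
             android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
    <receiver android:name=".Admin"
              android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for label, manifest in (("benign", BENIGN_MANIFEST), ("suspicious", SUSPICIOUS_MANIFEST)):
        level, caps = triage(manifest)
        print(f"{label}: {level} -> {', '.join(caps)}")
```

A genuine banking app rarely needs to read SMS at all, and a "security" add-on that reads SMS, listens to notifications and registers as device administrator has every ingredient for exactly the code theft described above. On a real sample the manifest would be pulled from the APK with a tool such as apktool or aapt before being fed to `triage`.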
Since TrickMo is still under active development, expect frequent changes and updates along the way. With 2FA under fire, security professionals recommend steps everyone can take:
- Keep all software, including security software, updated to the latest available versions, and apply security patches as soon as they are released; they often close the bugs malware depends on.
- Keep using 2FA for every account that offers it; even an SMS code is better than a password alone.
- Consider an alternate way of getting 2FA codes, such as a voice call instead of a text, which at least takes the code out of the SMS channel TrickMo reads. Better still is an authenticator app that generates the code on the device, so no code is ever sent to the phone at all.
- Hardware tokens (key fobs) generate a 2FA code at the push of a button rather than receiving one over the network, so there is nothing for phone malware to intercept. That adds a genuine layer to 2FA, assuming the user is the only one with physical possession of the token.
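To show why a locally generated code is out of reach of an SMS interceptor, here is an added worked example (not from the article or IBM) of the time-based one-time password scheme, TOTP per RFC 6238, that authenticator apps and many hardware tokens implement. The bank's server and the token each derive the code from a shared secret and the current time, so the code never travels to the phone. The secret used is the RFC 6238 test-vector key, not a production value, and the verifier's one-step skew window is a common choice, not something the standard mandates.

```python
import hashlib
import hmac
import struct
import time


def hotp(secret, counter, digits=6, digestmod=hashlib.sha1):
    """RFC 4226: HMAC over the 8-byte big-endian counter, then dynamic truncation
    to a 31-bit integer, reduced modulo 10**digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, unix_time=None, step=30, digits=6, digestmod=hashlib.sha1):
    """RFC 6238: HOTP with the counter = floor(unix_time / step)."""
    if unix_time is None:
        unix_time = int(time.time())
    return hotp(secret, unix_time // step, digits, digestmod)


def verify_totp(secret, presented, unix_time, step=30, digits=6, window=1):
    """Server side: accept the code for the current step and `window` steps either
    side to tolerate clock drift. Constant-time comparison avoids leaking how many
    digits matched."""
    counter = unix_time // step
    for drift in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret, counter + drift, digits), presented):
            return True
    return False


# Shared secret from RFC 6238 Appendix B (test vector only; never reuse in production).
RFC_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    # Token and server compute the same value independently; nothing is sent over SMS.
    now = 1111111109
    code = totp(RFC_SECRET, now, digits=8)
    print("token shows :", code)                        # 07081804 per RFC 6238
    print("server check:", verify_totp(RFC_SECRET, code, now, digits=8))
    # Thirty seconds later the old code is still inside the skew window...
    print("30 s later  :", verify_totp(RFC_SECRET, code, now + 30, digits=8))
    # ...but a minute on it is rejected, so a stolen code has a very short life.
    print("60 s later  :", verify_totp(RFC_SECRET, code, now + 60, digits=8))
```

The caveat a practitioner would add: TOTP removes the SMS channel, but a code typed into a fake banking page can still be relayed by an attacker within its validity window, so it should be combined with checking the site or app the code is being entered into. A FIDO2 security key, which binds the response to the genuine origin, closes that gap as well.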