A new Malware that Can Intercept your OTP and bypass Two Factor Authentication

For most of our accounts, whether bank accounts or social media accounts, we rely on two-factor authentication (2FA) and one-time passwords (OTPs), believing them to be the most trustworthy and impenetrable form of security. But we ought to think again: a new Android malware, “Alien”, with its remote access tool, can steal 2FA codes and OTPs as well as sniff notifications.

Discovered by ThreatFabric, the Alien Trojan is offered as Malware-as-a-Service (MaaS) and is making the rounds on underground hacking forums. It is not the first malware to access OTPs: Cerberus (a malware gang with similar code) has already been there and done that, but Google’s security found a way to detect Cerberus and clean it from devices. Inspired by and evolved from the same code, Alien has yet to be caught by a security server.

With the remote access feature, Alien can seize passwords and login credentials, and grant hackers access to the device to use the stolen passwords. Alien can also perform the following tasks: 

  • Overlay on another App 
  • Steal 2FA and OTP 
  • Read Notifications 
  • Collect Geo-location data 
  • Forward Calls 
  • Install other Apps 
  • Steal Contacts 
  • Provide access to the device 
  • Log Keyboard Input 
  • Send Messages 

This set of capabilities makes the malware highly dangerous and leaves an infected device utterly transparent to the hacker, and to think it is offered as MaaS. The malware deploys TeamViewer and, through it, reads the device’s screen and notifications and harvests OTPs and other data, giving the hacker free rein over your device to attempt fraud and steal money and data.

How is it Spreading? 

According to ThreatFabric, the malware is spreading via phishing emails and third-party applications. Researchers found that Alien was sporting fake logins for 226 Android apps, some of them quite popular, such as Snapchat, Telegram, Facebook, Gmail, and WhatsApp. Many of them were banking and e-commerce apps; there’s no surprise there! These banking apps were from Spain, Germany, the US, Italy, France, Poland, Australia, and the UK.
