"Android Malware Called 'Revive' Poses as 2FA App For Spain's BBVA Bank"

A new Android banking malware called Revive impersonates the two-factor authentication (2FA) application required to access BBVA bank accounts in Spain. Rather than infecting customers of various financial institutions, this Trojan has a more focused strategy that targets the BBVA bank. Despite being in its early stages of development, Revive is already capable of performing sophisticated tasks such as intercepting 2FA codes and one-time passwords. To resume itself after being terminated, the malware uses a function with the same name. According to Cleafy's experts, the new malware targets potential victims via phishing attacks and convinces them to download an application that purports to be a 2FA tool required for improved bank account security. When Revive is installed, it requests permission to use the Accessibility Service, which grants it full access to the screen as well as the ability to tap the screen and navigate. Users are asked to enable access to SMS and phone calls when they use the app for the first time, which seems typical for a 2FA service. Following that, Revive operates in the background as a simple keylogger, capturing whatever the user enters on the device and routinely transferring it to the command-and-control (C2) server. This article continues to discuss the Revive malware posing as a 2FA app for BBVA bank accounts. 

CyberIntelMag reports "Android Malware Called 'Revive' Poses as 2FA App For Spain's BBVA Bank"