"Mobile Malware Bypasses Banks' 2-Factor Authentication"

IBM X-Force researchers have released details about a variant of the TrickBot Trojan, dubbed "TrickMo," which was first discovered by the federal computer emergency response team of German (CERT-Bund) in September 2019. The malware has mainly targeted banking customers in Germany but is likely to be distributed in other countries. TrickMo is delivered via a fake security app and is designed only to be downloaded to an Android mobile device. Once the malware is installed, attackers can steal device information, lock the device, record targeted applications for one-time passwords, and more. Information collected through the execution of TrickMo can allow attackers to generate an infected Android phone's digital fingerprint. Attackers can sell this device fingerprint on the dark web or authorize fraudulent bank transactions. This article continues to discuss the discovery, distribution, and capabilities of TrickMo, as well as the TrickBot Trojan's evolution into a cybercrime-as-a-service model. 

BankInfoSecurity reports "Mobile Malware Bypasses Banks' 2-Factor Authentication"