EXECUTIVE SUMMARY:

Single-factor authentication has become a thing of the past, making way for two-factor authentication (2FA) or multi-factor authentication (MFA).

We are all using 2FA on an almost daily basis for a variety of web-service authentications and registrations; to access our bank accounts, to verify newly created email accounts, or to confirm a money transfers. We almost don’t realize how quickly we’ve adopted this new security authentication mechanism. It’s now common for us to robotically input the 2FA information that is requested– unaware that this information may be available to malicious actors too.

While 2FA has proved to be far more secure than just user names and passwords, 2FA is still far from being secure.

A new variant of TrickBot, a banking trojan that targets sensitive information and acts as a dropper for other malware, has recently emerged. This trojan and similar types of campaigns send users unsolicited emails that direct them to download malware from malicious websites. Or, the emails try to trick the user into opening malware via an attachment. This past March, researchers of IBM discovered that the operators of TrickBot had developed a malicious app called TrickMo, which illicitly intercepts the OTP codes that banks send to customers for authentication.

For more on this story and info on how to prevent credential theft, visit this blog.