Most online transactions require two-step authentication, and the One-Time Password (OTP) sent by SMS is often one of those two steps. The purpose of an OTP is to prevent fraud by confirming that the person making the transaction and the credit card owner are one and the same. To do so, a temporary code is automatically sent by SMS to the phone number associated with the bank account used.
The digital transformation has immersed us in a mobile-first world where smartphones and smart devices are the communications media. Mobile applications became the cornerstone of this new model, providing hackers with a new landscape to play in.
In an article published in March, we informed you about the risks behind malicious clones of popular applications. Five months later, impostor apps are still trying to access our data and to target more users.
Overlay malware allows attackers to create an overlay that is displayed on top of legitimate Android applications. The overlay mimics the real app's UI (User Interface) to trick users into entering sensitive data into a fake window that collects the data and forwards it to a remote attacker.
From banking to gaming, the preferred channel to access our favorite services is decidedly via mobile applications. Ensuring the security of those apps comes with a series of challenges.
Currently, the likelihood of finding a vulnerability in a mobile app is high, and hackers, well aware of this fact, keep trying new techniques to access corporate and personal data through apps.