Post AXSM1yIbbKlZshaRIe by cryptax@mastodon.social
Post #AXSM1yIbbKlZshaRIe by cryptax@mastodon.social
2023-07-07T16:04:21Z
0 likes, 0 repeats
Given the amount of Android malware I analyze that reads 2FA codes, I wonder how secure the feature is now [on a smartphone]. In the screenshots below, the malware reads second-factor codes via accessibility tweaks, retrieves the value, encrypts it with RC4 and sends that to a REST API on a remote C2. This is a sample of Android/SOVA. Conclusion: 2FA doesn't "work" on a device which can be compromised.
Post #AXSM1zHvvJp4wuHPtI by eighthave@social.librem.one
2023-07-07T16:20:52Z
0 likes, 0 repeats
@cryptax Does the "screenshot prevention" stuff help at all there? Like using an OTP app that sets the Android feature to block screenshots. I don't know much about the accessibility APIs, and whether that is affected.
Post #AXUPKi1l0mUp61Fhqa by cryptax@mastodon.social
2023-07-08T16:07:16Z
0 likes, 0 repeats
@eighthave I'll give it a try (on an emulator ;P) but I don't think the screenshot will show anything particular to detect that the first screen is not the real banking app.
Post #AXVqc2NZUNRD3ku2Yy by eighthave@social.librem.one
2023-07-09T08:47:38Z
0 likes, 0 repeats
@cryptax Is the malware using accessibility tweaks to read SMS/email/etc 2FA codes? Or can it also read 2FA codes from OTP apps like Aegis Authenticator, andOTP, or Google Authenticator? I meant that OTP apps could maybe have a setting to enable blocking the accessibility methods for reading.
Post #AXW7Vbb3qomtTjjPGq by cryptax@mastodon.social
2023-07-09T11:56:58Z
0 likes, 0 repeats
@eighthave Yes, they're using accessibility to read 2FA, often from known apps like Google Authenticator, or just SMS.
Post #AXW7bvOBB1P2bIiecC by cryptax@mastodon.social
2023-07-09T11:58:07Z
0 likes, 0 repeats
@eighthave difficult to "block accessibility" because people with handicaps legitimately need it...
Post #AXWfSI2XVFdsOgAtea by eighthave@social.librem.one
2023-07-09T18:17:22Z
0 likes, 0 repeats
@cryptax Right, I get that. I'm thinking that a security-sensitive app like Aegis could have a setting to let the user disable the accessibility stuff.
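The two mitigations discussed in this thread (screenshot blocking, and an app-side setting that keeps accessibility services away from the code) can be put side by side in code. What follows is an added example written for this page; it is not code from the thread, from SOVA, or from Aegis, andOTP or Google Authenticator. The package name, the Activity, and the layout ids `R.layout.activity_otp` and `R.id.otp_code` are hypothetical; the Android APIs used (`FLAG_SECURE`, the Android 14 `accessibilityDataSensitive` view setting, `AccessibilityManager`) are real.

```kotlin
// Added example, not code from the thread or from any OTP app named in it.
// Assumptions (hypothetical): package example.otp, an Activity whose layout
// R.layout.activity_otp contains a TextView with id R.id.otp_code that shows
// the current code.
package example.otp

import android.accessibilityservice.AccessibilityServiceInfo
import android.app.AlertDialog
import android.os.Build
import android.os.Bundle
import android.view.View
import android.view.WindowManager
import android.view.accessibility.AccessibilityManager
import android.widget.TextView
import androidx.appcompat.app.AppCompatActivity

class OtpActivity : AppCompatActivity() {

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)

        // (1) FLAG_SECURE stops screenshots, screen recording and the recents
        // thumbnail. It does NOT remove anything from the accessibility tree:
        // an AccessibilityService still receives the code through
        // AccessibilityNodeInfo text and content-change events, so by itself
        // it does nothing against the accessibility read described above.
        window.setFlags(
            WindowManager.LayoutParams.FLAG_SECURE,
            WindowManager.LayoutParams.FLAG_SECURE
        )

        setContentView(R.layout.activity_otp)
        val codeView = findViewById<TextView>(R.id.otp_code)

        // (2) Android 14 (API 34): mark the view as accessibility-data-sensitive.
        // Only services that declare android:isAccessibilityTool="true" in their
        // accessibility-service metadata get this node; any other enabled
        // service sees no text for it. Genuine screen readers declare the flag,
        // so users who rely on assistive technology are not locked out.
        // The equivalent in layout XML is android:accessibilityDataSensitive="true".
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
            codeView.setAccessibilityDataSensitive(View.ACCESSIBILITY_DATA_SENSITIVE_YES)
        }
    }

    override fun onResume() {
        super.onResume()
        // (3) Below API 34 there is no per-view control, so the most an app can
        // do is tell the user which enabled services are able to read the screen
        // and let them decide: the user-facing setting suggested in the thread.
        val readers = enabledScreenReadingServices()
        if (readers.isNotEmpty()) {
            AlertDialog.Builder(this)
                .setTitle("Accessibility services can read this code")
                .setMessage(readers.joinToString("\n"))
                .setPositiveButton(android.R.string.ok, null)
                .show()
        }
    }

    // Package names of enabled accessibility services that do not declare
    // themselves accessibility tools. isAccessibilityTool() exists from API 33;
    // on older releases every enabled service is reported, since nothing
    // distinguishes a screen reader from a code stealer there.
    fun enabledScreenReadingServices(): List<String> {
        val am = getSystemService(AccessibilityManager::class.java)
        return am.getEnabledAccessibilityServiceList(AccessibilityServiceInfo.FEEDBACK_ALL_MASK)
            .filter { info ->
                Build.VERSION.SDK_INT < Build.VERSION_CODES.TIRAMISU || !info.isAccessibilityTool
            }
            .map { it.resolveInfo.serviceInfo.packageName }
    }
}
```

Two caveats on this. `isAccessibilityTool` is self-declared by the service, so the Android 14 restriction raises the bar for apps that go through store review rather than drawing a hard boundary against sideloaded malware. And none of this changes the conclusion in the first post: the controls above keep a merely over-privileged accessibility service away from the code, but a device where the attacker has broader control can still read the second factor.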