A newly uncovered banking trojan called Alien is invading Android devices worldwide, using an advanced ability to bypass two-factor authentication (2FA) security measures to steal victims’ credentials.
2FA, or two-factor authentication, is an additional security method that gives you another layer of protection against attackers if your password is somehow compromised. It works in a few ways, most commonly by sending your phone a text message with a unique code that you must then enter on the website to gain access.
2FA has been widely adopted in the industry because it makes it difficult for attackers to breach an account with only a stolen password.
Once it has infected a device, Alien aims to steal passwords from 226 mobile applications, including banking apps as well as a slew of collaboration and social apps like Snapchat and Microsoft Outlook.
The malware has been targeting companies worldwide, including in France, Germany, Italy, the U.K., and the United States. The Alien trojan has various commonly used Android malware capabilities, including the ability to launch overlay attacks (these work similarly to credit card skimmers, in that a false data entry box is overlaid on top of the legitimate one to trick you into entering information into the false box), steal SMS messages and harvest contact lists – as well as keylogging (recording what keys you press to steal passwords), location-collecting and other capabilities.
However, it also uses several more advanced techniques, including a notification sniffer that allows it to access all new updates on infected devices. This includes 2FA codes – allowing the malware to bypass 2FA security measures. While normally the user would need to grant this permission manually in the settings, the malware circumvents this roadblock by using the Accessibility privileges on Android devices, performing all necessary user interactions by itself.
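A defender-side check for the permission combination described above, as an added example that is not part of the original article: it parses the two Android secure settings that list enabled accessibility services and notification listeners, and reports packages that hold both. The sample values, the `com.example.*` package names and the `trusted` allowlist are constructed for illustration.

```python
import subprocess

# Settings.Secure keys; each holds a colon-separated list of
# "package/class" component names, or "null" when nothing is enabled.
ACCESSIBILITY_KEY = "enabled_accessibility_services"
NOTIFICATION_KEY = "enabled_notification_listeners"


def parse_components(raw):
    """Return the set of package names in a colon-separated component list."""
    raw = (raw or "").strip()
    if raw in ("", "null"):
        return set()
    return {c.split("/", 1)[0] for c in raw.split(":") if c}


def audit(accessibility_raw, notification_raw, trusted=frozenset()):
    """Group non-allowlisted packages by the sensitive access they hold."""
    acc = parse_components(accessibility_raw) - set(trusted)
    notif = parse_components(notification_raw) - set(trusted)
    return {
        # Can both drive the UI and read every notification (including 2FA codes).
        "both": sorted(acc & notif),
        "accessibility_only": sorted(acc - notif),
        "notifications_only": sorted(notif - acc),
    }


def read_setting(key):
    """Read one secure setting from a device with USB debugging enabled."""
    out = subprocess.run(["adb", "shell", "settings", "get", "secure", key],
                         capture_output=True, text=True, check=True)
    return out.stdout


# Constructed sample values in the format the settings use.
SAMPLE_ACC = ("com.google.android.marvin.talkback/.TalkBackService:"
              "com.example.flashlight/com.example.flashlight.Svc")
SAMPLE_NOTIF = ("com.example.flashlight/com.example.flashlight.Listener:"
                "com.example.wearcompanion/.NotifListener")
TRUSTED = {"com.google.android.marvin.talkback"}  # assumed allowlist

if __name__ == "__main__":
    # On a real device: audit(read_setting(ACCESSIBILITY_KEY),
    #                         read_setting(NOTIFICATION_KEY), TRUSTED)
    for group, pkgs in audit(SAMPLE_ACC, SAMPLE_NOTIF, TRUSTED).items():
        print(f"{group}: {pkgs}")
```

A package in the `both` group that the user does not recognise as an accessibility tool is the one to review first in the device settings.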
It is unclear how Alien is initially spread, but given that the malware is being rented out, many attack vectors can be used, including spear-phishing, distribution through third-party applications, and more.
Cyber Wise suggests that if you use an Android device, you never open attachments or links from emails that you are unsure about. You should also always keep your devices up to date, as every patch comes with security fixes that could protect you further from security incidents. As of now, there are no fixes for this malware specifically, but if you have Android 8.0 Oreo or higher, the security fixes in this update help stop overlay attacks. Always check that the apps you are installing are legitimate by checking the reviews on the app store, and never install apps that you find on a browser.