Two-factor authentication with SMS is widely used by banking institutions. Of course, this measure works better than a mere password but it’s not unbreakable. Security specialists found out how it can be fooled 10 years ago, when this protection measure was just gaining popularity. So did malware creators. That’s why banking Trojan developers breach one-time SMS passwords with ease. Here is how it works:
1. A user launches legitimate banking app on a smartphone.
2. A Trojan detects, which app is used, and overlays its interface with a fake copy. The fraudulent screen looks just like the real one.
