If you use the Internet, you have probably had to prove your identity by jumping through an extra hoop. Perhaps it was entering the code from a special app, or copying the code from a text message. But if that information were intercepted, an attacker could gain access to your account. That’s exactly the scenario we look at this week.
Malwarebytes detects this particular piece of Android malware as Trojan.Spy.FakeBank.ir. This name is pretty self explanatory: The fake app (Trojan) is disguised as a banking app (FakeBank) targeting Iranian users (.ir) and can steal two-factor verification codes (Spy). In short, it’s not something anyone wants on their phone.