Categories: Security

Nutty Malware Can Wipe Out Two-Factor Authentication

Two-factor authentication has garnered plenty of praise as one of the most secure ways to sign into an online or mobile account without getting hacked. However, cybercriminals have now developed a piece of malware that can wipe out two-factor authentication and steal your data through a phishing email.

Read More: 5 Tips to Determine if an Email is Actually a Phishing Scam

While you should still implement this type of authentication on all your accounts, protect yourself further with an antiphishing app that adds another layer of security to your device and data. With dfndr security, your phone will have an anti -hacking feature that protects your device and warns you of malicious links, blocks them, and prevents you from falling for phishing emails.

Here’s what you should know about the malware that can wipe two-factor authentication.

Not as Powerful as it Looks
Security researchers released a video that shows how easy it is to take over an account or someone’s personal information, even with this type of authentication. The video revealed a phishing email with a bit of code that can steal or compromise the login information of a user by placing the code into a login box.

Fraudulent LinkedIn Email
The phishing scam sends what appears to be a legitimate LinkedIn email showing that someone is trying to connect with them through the social media site. The researchers showed that if you look closely, the return address of the email is not correct as it’s actually a spoofed version of LinkedIn.

What Happens Next?
If the target falls for the phishing email and clicks the “interested” button, the malware will then be downloaded onto the victim’s device. The email then takes the victim to the real LinkedIn site where they log in their information to complete the connection process, including having the site send an access code to the account holder’s phone.

While this is going on, the malware in the background has gained control of the email and password linked with the victim’s account, along with the session cookie. The criminal can then use the victim’s information to log into their account, even without two-factor authentication and without the victim’s device.

Scary Stuff! What Should I Do?
Naturally, two-factor authentication will not help you at this stage, so the best thing you can do is download an antivirus app like dfndr security that has antiphishing technology, but don’t just leave it up to a security app, be sure to always check emails closely. The sender address, how the email is composed (language and punctuation), and the urgency level are some clues to whether or not an email is legitimate.

PSafe Newsroom

The dfndr blog is an informative channel that presents exclusive content on security and privacy in the mobile and business world, with tips to keep users protected. Populated by a select group of expert reporters, the channel has a partnership with dfndr lab's security team. Together they bring you, first-notice news about attacks, scams, internet vulnerabilities, malware and everything affecting cybersecurity.

Recent Posts

Vulnerabilities in Cyber Security: what they are and how to fix them?

Learn all about one of the hackers' favorite breach method and keep your company safe…

1 year ago

3 ways to recover deleted photos on Android

Have you ever wondered how to recover deleted photos on Android? After all, the lack…

1 year ago

What is worm?

Digital worms are among the most serious threats in the wild kingdom of the Internet.

2 years ago

Spoofing: What’s it all about?

Spoofing is a fairly sophisticated virtual scam that can fool even the most cautious and…

2 years ago

Careful With That QR Code! Five Steps For QR Code Safety

Five Steps to Reduce QR Code Risk! Step one? Read this article…

2 years ago

Pharming: Phishing’s Nasty Big Brother

Pharming is creating a new, dangerous brand of impostor syndrome. Check how to avoid pharming…

2 years ago