Malware sidesteps Google permissions policy with new 2FA bypass technique | WeLiveSecurity
Tags
country: Turkey
attack-pattern: Call Log - T1636.002 Credentials - T1589.001 Deliver Malicious App Via Authorized App Store - T1475 Hardware - T1592.001 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Sms Messages - T1636.004 Software - T1592.002 User Interface Spoofing - Mob-T1014
Show in Graph
Common Information
Type Value
UUID a67de461-9909-4372-906e-d27c534743da
Fingerprint 5c231589c98e73c9
Analysis status DONE
Considered CTI value 2
Text language
Published June 17, 2019, 11:30 a.m.
Added to db Sept. 26, 2022, 9:31 a.m.
Last updated Oct. 15, 2024, 5:30 p.m.
Headline Malware sidesteps Google permissions policy with new 2FA bypass technique
Title Malware sidesteps Google permissions policy with new 2FA bypass technique | WeLiveSecurity
Detected Hints/Tags/Attributes 43/2/10
Source URLs
Redirection Url
Details Source https://www.welivesecurity.com/2019/06/17/malware-google-permissions-2fa-bypass/
URL Provider
Details Provider Source level domain
Details welivesecurity.com www.welivesecurity.com
Attributes
Details Type #Events CTI Value
Details Domain 1 
fakeapp.kp
Details Domain 1 
btcturk.pro
Details Domain 1 
com.app.btsoft.app
Details Domain 1 
com.app.elipticsoft.app
Details md5 1 
8C93CF8859E3ED350B7C8722E4A8F9A3
Details md5 1 
843368F274898B9EF9CD3E952EEB16C4
Details md5 1 
336CE9CDF788228A71A3757558FAA012
Details md5 1 
4C0B9A665A5A1F5DCCB67CC7EC18DA54
Details MITRE ATT&CK Techniques 9 
T1475
Details MITRE ATT&CK Techniques 5 
T1411