During our recent analysis of malware targeting financial institution we found a very powerful that can bypass the 2FA (Two factor-authentication) with a malicious app installed on the phone. Malware like this can drive the user to download the fake application on the phone, using a MITB (Man in the browser attack). Once the user PC the attacker can take full control of the machine and interact with him through a C&C server. What we explain in this article is a real active botnet with at least 40-compromised zombie host.
Research Download Link —-> Are 2 factor authentications enough to protect your money?