Bypassing 2Factor Auth with Android Trojans

DerbyCon V - Unity

Presented by: Paul Burbage
Date: Friday September 25, 2015
Time: 14:30 - 14:55
Location: Track 5
Track: Stable Talks

With some financial institutions implementing two-factor authentication, miscreants were observed utilizing mobile Remote Access Trojans (RATs) to capture these SMS PINs for account takeover. This presentation will explore recent campaigns that have used mobile RATs to defeat two-factor systems, the challenges for mitigating this new breed of user attacks, and the vulnerabilities of these cybercrime kits.

Paul Burbage


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats