A widely used security feature intended to protect access to online bank accounts is becoming increasingly ineffective, as cybercriminals develop advanced malicious software for Android devices, according to a report released Wednesday.
Many banks offer their customers two-factor authentication, which involves sending an SMS message with a code that’s entered into a Web-based form. The code expires in a few minutes and is intended to thwart cybercriminals who have a person’s login credentials.
But there are now multiple mobile malware suites that work in tandem with desktop malware to defeat one-time passcodes, wrote Ken Baylor, research vice president for NSS Labs.
”Do not rely on SMS-based authentication,” the report said. “It has been thoroughly compromised.”