Tag

Otp

All articles tagged with #otp

Phishing PWA Poses as Google Security Page to Steal OTPs and Proxy Victims’ Traffic
technology · 1 month ago

A phishing campaign disguises a fake Google Security page as a Progressive Web App to trick users into granting permissions. The malicious PWA can exfiltrate one-time passwords, clipboard contents, contacts, and GPS data, and can proxy the victim’s browser traffic and scan internal networks via a WebSocket relay. An Android APK is also distributed to extend access with keystroke capture and device admin persistence. The attack relies on social engineering rather than on exploiting a vulnerability. Google says security checks aren’t done via pop-ups; to clean up, remove the PWA and revoke device admin rights, following Malwarebytes’ removal guidance.

"Risks of Using Telegram's Peer-to-Peer Login for Cost Savings"
technology · 2 years ago

Telegram is offering a new "Peer-to-Peer Login" program where users can earn a premium subscription by allowing their phone numbers to be used to send OTPs to other users. However, this poses significant privacy and security risks, as the phone number is visible to the recipient and users may face unwanted communication. Additionally, Telegram disclaims any liability for potential harm resulting from this program. The move is seen as a cost-saving measure for Telegram, but it raises concerns about privacy and security, contradicting the company's emphasis on privacy. It's advised to avoid participating in this program due to the potential risks involved.

"Android 15: Protecting Sensitive Data from Scammers and Malware"
technology · 2 years ago

Google is working on enhancing Android 15 to protect sensitive notifications, particularly those containing one-time passwords (OTPs), from being intercepted by malicious apps. The new features include a permission called RECEIVE_SENSITIVE_NOTIFICATIONS, which restricts untrusted apps from accessing notifications with OTPs, and a flag called OTP_REDACTION to prevent leakage of 2FA codes on the lock screen. These measures aim to bolster security and prevent account hijacking through intercepted OTPs.