Mysk🇨🇦🇩🇪 on Nostr: The rogue 2FA app that steals scanned secrets is now ranked 18 on the German App ...
The rogue 2FA app that steals scanned secrets is now ranked 18 on the German App Store for the productivity category. No wonder! The app disguises itself as a Microsoft app. It is the top hit when you search for "Microsoft Authenticator" and the developer has updated the screenshots in the ad card to highlight the word "Microsoft". Surprisingly, the product page of the app shows different screenshots with the word "Microsoft" removed.
The app now has 1.2K reviews, as opposed to 18 when we first addressed the app.
#privacy #security #2FactorAuthentication #iOS #infosec
Published at 2023-06-19 21:44:59
Event JSON
{
"id": "b8d8190e77bc60a420973b125366bd2852a7da75f4f0624116eee4d58c387ef7",
"pubkey": "c99d6973f0e81b7a1be1fb87314222784b0ba695bba3634aa1e1f208bb11a11e",
"created_at": 1687211099,
"kind": 1,
"tags": [
[
"t",
"privacy"
],
[
"t",
"security"
],
[
"t",
"2factorauthentication"
],
[
"t",
"ios"
],
[
"t",
"infosec"
],
[
"mostr",
"https://defcon.social/users/mysk/statuses/110573066626397762"
]
],
"content": "The rogue 2FA app that steals scanned secrets is now ranked 18 on the German App Store for the productivity category. No wonder! The app disguises as a Microsoft app. It is the top hit when you search for \"Microsoft Authenticator\" and the developer has updated the screenshots in the ad card to highlight the word \"Microsoft\". Surprisingly, the product page of the app shows different screenshots with the word \"Microsoft\" removed.\nThe app now has 1.2K reviews, as opposed to 18 when we first addressed the app.\n\n#privacy #security #2FactorAuthentication #iOS #infosec\n\nhttps://files.defcon.social/dcsocial-s3/media_attachments/files/110/573/061/628/078/994/original/14dc48ce1294cf70.png\n\nhttps://files.defcon.social/dcsocial-s3/media_attachments/files/110/573/062/151/440/080/original/d15670332ab26d6e.png\n\nhttps://files.defcon.social/dcsocial-s3/media_attachments/files/110/573/063/708/284/052/original/c46d2bb85b2072d1.png\n\nhttps://files.defcon.social/dcsocial-s3/media_attachments/files/110/573/066/359/993/238/original/c4807d66c4e3e464.png",
"sig": "a7bce2bd6ceb388ebe83f897030809f1007a944c0afeec8a28ad4f34481a409ffbcf823d7fa6cc46635421e442037bf9ef7eb54d7805717c6d181067a881f620"
}