Pages:
Author

Topic: A new malware designed to beat 2-fa authentication (Read 405 times)

legendary
Activity: 1652
Merit: 1483
sorry if this is a dumb question, but how exactly does this compromise 2FA?

all of the compromised data is browser-based (something you know, not something you have), with the exception of "stolen text messages". but old text messages shouldn't overcome SMS 2-factor authentication because those one-time codes are only good for a very limited time. and if you use TOTP-based 2FA, you should be completely safe.

can somebody walk me through this?

If found another article , and it says that stolen cookies can be used to fake the identity of victim's machine, and thus login without a 2FA check on some sites. However, there are still a lot of unexplained details, like how they avoid 2FA checks on withdrawals, how do they spoof IP address and so on.

It's an interesting topic and people who have very important online accounts, like traders, should definitely check it, so here's some links:

https://security.stackexchange.com/questions/178663/why-isnt-stealing-cookies-enough-to-authenticate

https://stackoverflow.com/questions/2498599/can-some-hacker-steal-the-cookie-from-a-user-and-login-with-that-name-on-a-web-s

thanks for the explanation. i think i get it now. it didn't occur to me that hackers were duplicating an existing session using the stolen cookies. it's still not an easy attack to pull off since the attacker needs to spoof the IP address (and other parameters) from the original session, but it's good to be aware that this can happen. it definitely makes a strong case for requiring 2FA on withdrawals (email confirmation and TOTP) in case your session gets hijacked like this.
full member
Activity: 490
Merit: 100
This is terrible. No matter how we try to protect your funds, there are still new ways to hack your wallets and accounts. Now I'm even more worried about my money.
hero member
Activity: 672
Merit: 526
How can it beat the 2FA if your primary source of the Authenticator is the application downloaded in your phone? The cookies and stuff aren’t applicable here. I don’t understand why would one use browser again to store anything related to 2FA.

It doesn't. What this malware does is try to take advantage of the session that is already open. He tries to fool the website by saying it's just a continuation of the last login.

Hacker could not type 2fa again. Since the combination expires fast. It would take advantage of the last numbers entered or the open session.

But most serious sites ask for 2fa again depending on the ip used.
sr. member
Activity: 2506
Merit: 368
~snip~
I have always used Firefox in private mode, I dont allow Firefox to store
my browsing history. This is something the Mozilla foundatuon have
always based the operations on.
...
I think this is just the same with Google Chrome, they do have incognito mode which is basically similar to what you have said. Incognito never store your passwords, cookies, and history of your browser. And i think personally the biggest difference between these two is just how the processing of these two is much more different. Chrome is way faster than Firefox in terms of quick response, IMO.
sr. member
Activity: 840
Merit: 266
If found another article , and it says that stolen cookies can be used to fake the identity of victim's machine, and thus login without a 2FA check on some sites. However, there are still a lot of unexplained details, like how they avoid 2FA checks on withdrawals, how do they spoof IP address and so on.
Faking the identity of the victim's machine will not make you bypass 2FA, I have 2FA setup on all my exchanges and I always asked to enter my 2FA and I never changed the computer I am using with my exchanges, also in some exchanges like Bittrex I always have to confirm by email+2FA if my Ip changed. I don't see in the article any mentioning about the way the attackers get bypass 2FA and if they are talking about the old one-time text message it still can't be done because it is only valid for one-time logging and for a limited time.
legendary
Activity: 2128
Merit: 1293
There is trouble abrewing
To be honest,  between hackers and regular users that is not even a battle. Hackers win easily.

you don't really need to be an expert to be pretty safe. of course 100% safety is impossible no matter what you do and how "expert" you are but even a "regular user" with basic understanding of computers can be as safe that he/she never loses anything ever in his entire life. there are just certain precautions that you have to always take like not downloading or even visiting sites with anything fishy in them. keeping your secrets password protected,...
legendary
Activity: 2996
Merit: 1054
Leading Crypto Sports Betting & Casino Platform
Malware and security will always be at an arms race to defeat each other.  No matter how secure we think we are all it takes is one genius to crack the puzzle and we are screwed.  Also no matter how good your digital security is you are still prone to a physical wrench attack.
It will be a continuous battle between, this news is really alarming and needs to be well understood, hackers are always finding ways to penetrate
and if we give them a little chance they will attack quicker than we think that we are well protected, it's best to always be updated and take things
seriously to learned more prevention regarding to this concern.
hero member
Activity: 1120
Merit: 554
Malware and security will always be at an arms race to defeat each other.  No matter how secure we think we are all it takes is one genius to crack the puzzle and we are screwed.  Also no matter how good your digital security is you are still prone to a physical wrench attack.
member
Activity: 322
Merit: 20
Donating 10% to charity
Thank you for the warning. It is a strong battle between the hackers and users like us. Please stay safe everybody and be careful when clicking on hyperlinks and downloading stuffs. Stay safe and let’s win the battle against the hackers and scammers.

To be honest,  between hackers and regular users that is not even a battle. Hackers win easily.

This malware affects Mac users but don't think that because you're not using a Mac you're safe from a 2-factor authentication bypass. Using phishing links, an attacker can also bypass the authentication by using the real website but acting as some kind of intermediary between you and the website, so you are getting the real code and submitting for the hacker to be have access.

A really good attacker wanting you to click a link will most likely make you click a link. The rate of people who falls for that simple attack vector is incredibly huge.
legendary
Activity: 1750
Merit: 1115
Providing AI/ChatGpt Services - PM!
How can it beat the 2FA if your primary source of the Authenticator is the application downloaded in your phone? The cookies and stuff aren’t applicable here. I don’t understand why would one use browser again to store anything related to 2FA.
hero member
Activity: 3052
Merit: 651
Thank you kenzawak for opening this kind of discussion. It is an eye opening.

pooya87 and aoluain thank you also for answering with web browser hacking and what should be used for security and you both have the same answer into what is most advised as a great browser.

Now, I am uninstalling my chrome. I am not really into digging about browser but this is an eye opener although it aint the target of the thread.
I believe 2FA aint that easy to be hacked. Just changing a smartphone and also reporting the change will give you a hard time, what more into hacking it.
I passed all my documents just so I could get it back and it took 2 days for me to recover it all. I believe that is how secured it is.
legendary
Activity: 3346
Merit: 3130
...

It is very alarming news for the general people who use Internet from PC, or Android. If Google Chrome isn't enable to protect such maleware, it is shocking. I think Google Chrome will detect this maleware soon.

Is the hacking race, always hacker will develop new tools and them with work until someone develops a patch, that's how this world works. The crazy fact is the attacking vector, 2FA and MacOS, That's what has me amazed because those were two important security factors and fun to see how they are the vuln.
full member
Activity: 840
Merit: 101
I think they should do something about how to prevent the malware from getting into our funds. And do a free service that will make us secure, and our funds secure where we don't have to purchase a hardware wallet because not everyone can afford that yet. I hope they do something about this right away.
full member
Activity: 528
Merit: 100
This is so unfortunate that the bad apples are working so hard to undermine mass adoption and make it very difficult for the average Joe Bloggs to enter crypto. Instead of being useful and becoming advocates for change and helping people join this big technical revolution, they prefer to work hard just for quick gain and out of malice to make sure less and less people want to join this niche market. Many newbies are frightened off because of this attitude from rogue entities and it scares them entering this space. I do hope that cyber police become more and more vigilant in catching these nasty people who are trying to undermine crypto and the blockchain for normal users and investors.
It is one of the factors why there are people who are afraid to enter the market. They are afraid to lose their money due to the hackers that are so skillful. Hackers are always finding a way for them to hack cryptocurrencies in all over the market. If we can only stop them, the mass adoption will happen.
full member
Activity: 616
Merit: 100
is it true?i think 2FA authentication is made for make people that want to hack the account can't hack it because it will use another applications or another platform t make a verification of the owner of that wallet or that account, so if this is real i think we should makes another ways to makes a verification for owner
sr. member
Activity: 658
Merit: 256
Thank you for the warning. It is a strong battle between the hackers and users like us. Please stay safe everybody and be careful when clicking on hyperlinks and downloading stuffs. Stay safe and let’s win the battle against the hackers and scammers.
full member
Activity: 574
Merit: 100
more and more viruses are spread by hackers who try to steal assets owned by cryptocurrency users, and preferably when you want to access your wallet or place of exchange you have to be more careful and not be careless.
sr. member
Activity: 546
Merit: 250
https://www.newsbtc.com/2019/01/31/cryptocurrency-scam-mac/

"The software steals credentials, including browser cookies, to allow access to cryptocurrency exchange accounts. CookieMiner, as the malware is known, targets exclusively Mac users owing to the cross-device functionality of Apple’s products.
In addition to stealing login details and creatively subverting security precautions, the CookieMiner malware also uses the victim’s machine to covertly mine an obscure digital asset called Koto.
...
Google Chrome and Apple Safari cookies are stolen.
Saved usernames and credit card information from Chrome are stolen.
Text messages backed up to Mac are stolen from victims’ iPhone.
Browser cookies are stolen to defeat login anomaly detection.
...
With this combination of login credentials and cookies, attackers can often bypass the two-factor authentication process protecting accounts.
...
CookieMiner also installs mining software on the infected machine. Palo Alto Networks claim that the program is made to look like a piece of Monero-mining software. However, instead of mining the most frequently cryptojacked asset, it sets Mac users’ machine mining Koto, another privacy-focused cryptocurrency associated with Japan that can be mined using just a CPU."
For you to get access on google chrome you should have the intelligence of thousands of website developers and programmers.For someone to steal someone's phone saved information there must be a bait or device control. Hijacking can be done using finest computer with program on it and i don't think just someone could do that to leading technology companies more of like movie twists.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
for example using Firefox you can go to your setting and type in "master password" in the settings search bar and check its box and set a strong encryption password

I know this option is enabled in Firefox, and it make sense to set master password., But user need to enter that master password only once per session (first time Firefox is open), and then all passwords are available. From the aspect of security how much is passwords safe from hack after user is unlock passwords with master password?

I see Google Chrome offer password manager, but I do not see any mention of master password as Firefox...

https://support.google.com/chrome/answer/95606?co=GENIE.Platform%3DDesktop&hl=en
legendary
Activity: 3038
Merit: 2162

sorry if this is a dumb question, but how exactly does this compromise 2FA?

all of the compromised data is browser-based (something you know, not something you have), with the exception of "stolen text messages". but old text messages shouldn't overcome SMS 2-factor authentication because those one-time codes are only good for a very limited time. and if you use TOTP-based 2FA, you should be completely safe.

can somebody walk me through this?

If found another article , and it says that stolen cookies can be used to fake the identity of victim's machine, and thus login without a 2FA check on some sites. However, there are still a lot of unexplained details, like how they avoid 2FA checks on withdrawals, how do they spoof IP address and so on.

It's an interesting topic and people who have very important online accounts, like traders, should definitely check it, so here's some links:

https://security.stackexchange.com/questions/178663/why-isnt-stealing-cookies-enough-to-authenticate

https://stackoverflow.com/questions/2498599/can-some-hacker-steal-the-cookie-from-a-user-and-login-with-that-name-on-a-web-s

Maybe on some sites you can remove 2FA if you have access to the email, and if this malware can give access to victims email, they can get all the control they need.
Pages:
Jump to: