One drawback to this technique, Stefanko points out, is that it can steal only the text that fits in the notification. Anything outside it remains hidden to the attacker. While this may not always include the one-time access code, a hacker would be successful in most cases. It appears that this technique is actively tried on Turkish cryptocurrency users, as another app was discovered last week operating in the same way. |