Voice One Time Password stealer Malware

If you think you are safer with two-factor authentication than now it’s time to think. A new type of trojan named Andriod.Bankosy is capable of stealing user’s voice based OTP or one-time passwords. Most of the Banks are using SMS and voice based Authentication to send OTP to registered devices for second-factor authentication. In the past, there have been several cases where malware was installed in the user devices to steal the OTP send via SMS. So to keep user second-factor authentication safe many banks are using Voice based OTP. Now, malware authors have developed a new way to steal voice based OTP.

So how does Android.Bankosy  works? 

Once the malware is introduced on the user’s gadget, it opens a backdoor, collects a list of system-specific information, and sends it to the command and control (C&C) server to enroll the gadget and after that get an extraordinary identifier for the infected gadget. If the registration is successful, it uses the received unique identifier to further communicate with the C&C server and receive commands.


The Trojan intercepts 2FA voice codes if instructed and forwards the phone calls to the number of the attacker.

To forward calls in the Asia-Pacific region, several operators deploy a service code which is in the format *21*[destination number]#. And the malware author has implemented the above format in the trojan.

How to protect?

To protect against this kind of malware on mobile devices, it is recommended to follow the following steps.

  • Ensure your software is updated
  • Do not download apps from random sites/unknown sources
  • Install apps which are from trusted sources alone
  • Read the permission requests an app asks for carefully
  • Use a good mobile anti-virus app  to safeguard your data/device
  • Backup important data frequently


Manish Dangol

Leave a Reply

Your email address will not be published. Required fields are marked *