Malware sidesteps Google permissions policy with new 2FA bypass technique
released on 2019-06-17 @ 04:48:36 PM
ESET has discovered malicious apps capable of accessing one-time passwords (OTPs) in SMS 2FA messages without using SMS permissions, circumventing Google’s recent restrictions. As a bonus, this technique also works to obtain OTPs from some email-based 2FA systems.