SMS attacks

    Malware can capture the contents of SMS messages, for example to complete a multi-factor authentication step maliciously.

    The malware typically requests permissions that may seem legitimate in the context of the app, but are actually intended to access SMS messages. For example, a fake messaging app might logically request access to SMS.

    With the necessary permissions, the malware can intercept incoming SMS messages. This is particularly concerning for messages containing MFA codes, which are used as a second layer of security beyond passwords. The malware can programmatically read these messages and extract sensitive information like MFA codes without the user's knowledge.
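The permission request and SMS interception described above leave traces in an app's manifest that a reviewer can check for. The following is an added example, not code from the original page: it assumes the Android platform (which the page does not name) and a manifest already decoded to text XML, and the package and receiver names in the sample are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Android permissions that expose SMS content to an app.
SMS_PERMISSIONS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
# Broadcast action delivered to receivers when an SMS arrives.
SMS_RECEIVED_ACTION = "android.provider.Telephony.SMS_RECEIVED"

# Constructed sample: manifest of a hypothetical flashlight app that has
# no functional reason to touch SMS.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <receiver android:name=".SyncReceiver" android:exported="true">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""


def audit_sms_access(manifest_xml):
    """Report the SMS permissions and SMS-receiving components in a manifest."""
    root = ET.fromstring(manifest_xml)
    declared = {
        el.get(ANDROID_NS + "name")
        for tag in ("uses-permission", "uses-permission-sdk-23")
        for el in root.iter(tag)
    }
    receivers = []
    for comp in root.iter("receiver"):
        actions = {a.get(ANDROID_NS + "name") for a in comp.iter("action")}
        if SMS_RECEIVED_ACTION in actions:
            receivers.append(comp.get(ANDROID_NS + "name"))
    perms = sorted(declared & SMS_PERMISSIONS)
    return {
        "package": root.get("package"),
        "sms_permissions": perms,
        "sms_receivers": receivers,
        # Flag for manual review; whether SMS access is justified depends
        # on what the app claims to do.
        "flagged": bool(perms or receivers),
    }


if __name__ == "__main__":
    print(audit_sms_access(SAMPLE_MANIFEST))
```

A flagged result is a prompt for review rather than a verdict, since a genuine messaging app declares the same permissions.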

    Defense techniques overview

    ---
    title: Malware clipboard attacks
    ---
    graph TD
        all[All malware attacks] --> steal_sms
        click all href "/mobile-app-security-research-center/malware/overview" "Malware overview"
        steal_sms[Spy on users' SMS messages]
        steal_sms --> mfa([2FA/MFA ⭐])
        style mfa fill:lightgreen
        click mfa href "/mobile-app-security-research-center/malware/multi-factor-authentication" "Multi factor authentication"

    Recommended defense tactics

    We recommend using multi-factor authentication.

    Guardsquare
