Threat actors could exploit Android's LSPosed framework to alter system-level processes, including the runtime environment, and covertly compromise mobile payment apps, according to Infosecurity Magazine.

Intrusions involve the use of the Digital Lutera module, which weaponizes Android APIs to obtain SMS verification tokens, mimic phone numbers, collect two-factor authentication codes, embed fraudulent SMS records into device databases, and leverage real-time command servers for unwanted payment app access and transaction approvals, according to a report from CloudSEK researchers. Aside from enabling scalable account hijacking, attackers could also harness the technique to facilitate real-time fraud, with a Telegram channel observed to have included over 500 login-related messages signifying the proliferation of the intrusion approach.

With the attack revealing gaps in banking apps' trust models and the persistence of system-level modules even after the removal of infected apps, mobile payment providers have been advised to implement more stringent SMS delivery backend validation, hardware-based verification, and carrier-level confirmation methods.




