Two-factor authentication (2FA) is a crucial security measure for protecting online accounts, but a new threat called “quishing” has emerged to bypass it. Quishing involves tricking users into installing a malicious app that steals their 2FA codes, allowing attackers to gain access to accounts. This technique is particularly dangerous because it can bypass SMS-based 2FA, which is still widely used. Sophos researchers discovered quishing attacks targeting Android devices, but the technique could affect other platforms as well. To stay safe, users should be cautious when installing new apps and use authenticator apps only from trusted sources. Additionally, enabling app-specific passwords and using more secure 2FA methods such as TOTP or U2F keys can help mitigate the risk.
Original article: https://news.sophos.com/en-us/2024/10/16/quishing/