Check Point Software Technologies Ltd. (Nasdaq: CHKP) recently announced the discovery of new malware, known as "Swearing Trojan," reported to the firm by Tencent Security. The Swearing Trojan is said to get is name from Chinese curse words embedded in the code of the virus.
Perhaps most disturbingly, once infected, the Trojan can bypass two-factor authentication, rendering it "useless." The computer security firm has expressed concerns that the virus has the potential to "spread worldwide."
Two-factor authentication involves an app requiring both a password, and a one-time code, typically sent to a smartphone, to grant access to personal records.
CNET has reported on a 2011-hack of RSA, which involved hackers accessing authentication tokens, showing that two-factor authentication, even before reports of the Swearing Trojan, was not fool-proof. Sill, two-factor authentication has been described as "disabling a subset of the hacking community."
Users tricked into clicking 'deceptive' content
Check Point reports two general ways victims of the Swearing Trojan become infected, either by downloading a compromised app, or being lured into clicking on a malicious URL sent via SMS from fake base receiver stations, making it appear that users are receiving communications from Chinese telecommunications providers.
The Israeli firm described the fake base station methodology as "sophisticated," and the content as "very deceptive." Reports of messages appearing to have been sent by friends and loved ones are reported. Additionally, the virus may spread through photos, videos, work documents, updates to apps, and even trending events on MMS.
After the Swearing Trojan installs itself, it goes through contacts, sending deceptive SMS messages to them, further proliferating. Data is said to be transmitted to operators of the malware via SMS and email, described as "providing good cover" from attempts at detection and tracing. The malware is reported to continue to spread, despite the arrest of the person thought to be the author by Chinese authorities.
Check Point reports that researchers are still observing "new Swearing Trojan variants in the wild."
New malware compared with HummingBad
Comparing the Swearing Trojan with other Chinese malware like HummingBad, researchers have cited a possibility that the still-evolving malware could spread beyond Chinese borders, worldwide. Similarities between the Swearing Trojan and "western malware" have been observed, prompting computer engineers to advise computer and smartphone users to install security software, such as Check Point's Mobile Threat Prevention.