One-time passcodes are being intercepted by a malware program for Android. The malware, called Android.Bankosy, has been updated to intercept the codes. The codes are part of so-called two-factor authentication systems. The one-time code is used with the victim’s login credentials, which the attackers have already obtained. Symantec detected Bankosy in July 2014, and it also prompted victims to enter their payment card information in a more bold attempt at fraud.”]
Source: https://www.csoonline.com/article/3021825/android-malware-steals-one-time-passcodes.html