Secured online transactions may comprise two authentication steps before a transaction is executed. Such authentication is conventionally used in online banking transactions, for example. A user may be requested to input a specific password in connection with accepting the transaction in his/her online bank account. The second authentication may be in the form of a mobile transaction authentication. When the user has initiated the transaction, a transaction authentication number (TAN) is generated by the bank and sent to the user's mobile phone by a short messaging service (SMS) message. The SMS message may also include transaction data allowing the user to verify that the transaction has not been modified in transmission. Once the verification has been received from the user via the SMS, the transaction may be executed.
Even such a dual-step authentication is prone to malicious software. An example of such malicious software comprises one software component infecting the user's home computer and another infecting the user's mobile phone. The software component in the user's home computer may capture the user's banking password and initiate a fraudulent transaction without the user noticing it. Once the SMS has been delivered to the mobile phone, the software component on the mobile phone intercepts the SMS and verifies the transaction without the user ever noticing.
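The bank-side half of the mobile TAN step described above, as an added example that is not part of the original text: the TAN is bound to the transaction data echoed in the SMS, is single-use and expires. The class name `TanIssuer`, the six-digit TAN, the 300-second validity window and the transaction field names are assumptions made for illustration.

```python
import hmac
import secrets
import time

TAN_TTL_SECONDS = 300  # assumption: validity window, not stated on the page


class TanIssuer:
    """Bank-side issue/confirm of a TAN bound to one transaction (hypothetical)."""

    def __init__(self):
        self._pending = {}  # tx_id -> (tan, canonical transaction, expiry)

    @staticmethod
    def _canonical(tx):
        # The fields the user is asked to compare against the SMS.
        return f"{tx['to']}|{tx['amount']}|{tx['currency']}"

    def issue(self, tx_id, tx, now=None):
        """Generate a TAN and the SMS text that carries the transaction data."""
        now = time.time() if now is None else now
        tan = f"{secrets.randbelow(10**6):06d}"  # CSPRNG-backed, six digits
        self._pending[tx_id] = (tan, self._canonical(tx), now + TAN_TTL_SECONDS)
        sms = f"TAN {tan}: pay {tx['amount']} {tx['currency']} to {tx['to']}"
        return tan, sms

    def confirm(self, tx_id, tx, tan, now=None):
        """Accept only a fresh, unused TAN that matches this exact transaction."""
        now = time.time() if now is None else now
        entry = self._pending.pop(tx_id, None)  # one attempt, one use
        if entry is None:
            return False
        expected_tan, bound_tx, expires = entry
        tan_ok = hmac.compare_digest(expected_tan.encode(), str(tan).encode())
        return tan_ok and bound_tx == self._canonical(tx) and now <= expires


if __name__ == "__main__":
    bank = TanIssuer()
    # Constructed sample transaction; the account identifiers are placeholders.
    tx = {"to": "ACCT-CONSTRUCTED-1", "amount": "125.00", "currency": "EUR"}
    tan, sms = bank.issue("tx-1", tx)
    print(sms)
    print(bank.confirm("tx-1", dict(tx, to="ACCT-OTHER"), tan))  # altered payee
```

These checks bind the TAN to one transaction, but the bank cannot tell from them whether the user or software on the phone read the SMS and returned the TAN, which is the weakness the second paragraph describes.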