CATEGORIES
home News

Delete This Authenticator Android App Immediately To Avoid Its Banking Malware Payload

by Lane BabuderSaturday, January 29, 2022, 02:24 PM EDT
vultures news
A Two-Factor Authentication (2FA) app that's been making the rounds on Google Play could steal your banking information, say researchers at Pradeo, a mobile security research and product provider based out of France. According to the team, the app was removed from the Google Play store, however, it remained active and available for 15 days, driving 10,000+ confirmed installations. Reportedly, that app also includes a "trojan-dropper" that will install bank information-stealing malware onto the end-users mobile device. It is advised the app be removed immediately by anyone who installed it. The following are the details of the app so that you can remove the app yourself.
  • Application ID
    • https://play.google.com/store/apps/details?id=com.privacy.account.safetyapp (the app has since been removed)
    • 2FA Authenticator
    • com.privacy.account.safetyapp
    • Version 1.0
The app in question presents itself as a multi-factor authentication utility called “2FA Authenticator” which was identified as a “trojan-dropper” by Pradeo. The app will install malware known as Vultur, which was designed specifically to steal mobile app user banking information. Unfortunately for the 10,000+ users who installed the software before it was pulled from the Google Play Store it actually was a legitimately working multi-factor authentication software. The app utilized open-source code for the Aegis authentication application, which the criminals then injected with the malware to steal people’s banking data.

2FA Authenticator malware scam app
If this app is on your phone, delete it now. It's malware and will steal banking credentials

The attack worked in two stages. The first stage is to bypass permissions access requests allowing the app access to details on the device. This then allows the app to collect and send user’s app list, and localization information. The permission granted also allowed it to disable almost any security functionality on the device, download apps without permission, perform functions even if the app is closed, and overlay other applications with their own interfaces. The overlay is a pretty tricky way to throw up a false login page or other methods of stealing data. The second part of this malware app is to trigger the installation of the Vultur malware, in order to steal the victim’s banking information.

As stated before, it is advised that anyone who may have installed this app to remove it immediately. The full report from Pradeo is available here.
Tags:  Malware, security, trojan, twofactorauthentication, 2fa
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment