Google removes two-factor authentication app from Play Store that steals banking details

Two-factor authentication is supposed to keep your details even more secure. Many use 2FA apps as their way to secure their accounts online.

However, in a world where cybercriminals are very widespread, even these apps are now being infiltrated with malware that compromises the very things you have been striving to keep secure.

Google has removed a malware-infected two-factor authentication app from the Play Store. As it turns out, this app has been stealing banking details from Android users.

Google deletes a 2FA app from the Play Store because of malware

What has been considered as one of the best ways to secure online accounts has been exploited to steal banking information from users.

Recently, a security firm has discovered an app posing as an open-source application that offers a two-factor authentication feature. The 2FA app has been infected with a nefarious banking trojan.

And what’s worse, the app has already been downloaded over 10,000 times before Google was able to remove it from the Play Store.

2FA Authenticator app on the Play Store

Researchers from security firm Pradeo identified the ‘2FA Authenticator’ app as malware and found that it comes with the dangerous Vultur Android malware.

Attackers who infect an Android device with the malware can use remote access software to mirror the victim’s screen, and that is when they steal your credentials.

The malware was first discovered last year and is able to record the victim’s screen while using finance-related apps on the device.

As reported by the researchers, the 2FA Authenticator app is designed to copy the interface of the open-source Aegis Authenticator application, in order to stay low key.

Get this: the app attacks in two stages. First, the app’s malicious code allows it to get and send a list of the apps installed on the victim’s phone as well as their location. Second, it then attacks the apps used in those regions.

And not just that, the app is also capable of disabling the victim’s phone PIN or password and installing third-party apps that are disguised as offering updates.

Malware mirrors the device’s screen to get banking credentials

After identifying the user’s region, the malware then installs the Vultur malware on the device, which the attacker will use to remotely access and steal user credentials once banking and other finance-related apps are used.

Furthermore, the malware can keep performing activities even when the app is closed by taking advantage of a critical permission called SYSTEM_ALERT_WINDOW to cover apps on the smartphone.
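As an added example (not from the article or from Pradeo's research), the following Python script audits an AndroidManifest.xml, assumed to be already decoded to text XML, for the combination of capabilities described above. Only SYSTEM_ALERT_WINDOW is named in the article; the other permission mappings, the two-capability threshold and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Capability described in the article -> permission that typically grants it.
# Only SYSTEM_ALERT_WINDOW is named in the article; the other rows are assumptions.
RISKY = {
    "android.permission.SYSTEM_ALERT_WINDOW": "draw over other apps",
    "android.permission.QUERY_ALL_PACKAGES": "list installed apps",
    "android.permission.ACCESS_COARSE_LOCATION": "read device location",
    "android.permission.ACCESS_FINE_LOCATION": "read device location",
    "android.permission.DISABLE_KEYGUARD": "disable the lock screen",
    "android.permission.REQUEST_INSTALL_PACKAGES": "install other apps",
}

def declared_permissions(manifest_xml):
    """Return the permission names declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                names.add(name.strip())
    return names

def audit(manifest_xml, threshold=2):
    """Flag a manifest that combines `threshold` or more risky capabilities."""
    hits = sorted(p for p in declared_permissions(manifest_xml) if p in RISKY)
    capabilities = sorted({RISKY[p] for p in hits})
    return {"permissions": hits, "capabilities": capabilities,
            "flagged": len(capabilities) >= threshold}

def _manifest(package, permissions):
    """Build a constructed sample manifest for the demo below."""
    rows = "".join('<uses-permission android:name="%s"/>' % p for p in permissions)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="%s">%s<application/></manifest>' % (package, rows))

# Constructed samples: a look-alike authenticator and a plain one.
SUSPECT = _manifest("com.example.fake2fa", list(RISKY) + ["android.permission.CAMERA"])
BENIGN = _manifest("com.example.plain2fa",
                   ["android.permission.CAMERA", "android.permission.USE_BIOMETRIC"])

if __name__ == "__main__":
    for label, xml in (("suspect", SUSPECT), ("benign", BENIGN)):
        result = audit(xml)
        print(label, "FLAGGED" if result["flagged"] else "ok", result["capabilities"])
```

An authenticator app has little reason to request any of these permissions, so a hit on two or more is worth a manual look before the app is allowed on managed devices.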

The 2FA Authenticator spent 15 days in the Play Store and accumulated over 10,000 installs before Google removed it. If you have installed the app, researchers advise deleting it immediately, because the malware might already be mirroring your screen without you knowing.
