Mobile security company Pradeo discovered an app on the Google Play Store that was supposed to be used to help Android users feel safer online. Instead, the app turned out to be a "Trojan" used by hackers to spread malware on consumers' mobile devices. The app, called 2FA Authenticator, has been installed by more than 10,000 users.
This app places malware on your device that steals your banking information and takes your money.
The irony is clear. 2FA, also known as two-factor authentication, is used to validate your identity. Let's say your bank wants to make sure that the person trying to talk to them about your account is you. So they send a text message with a code number to your phone. Once you enter the correct code number from the text, you have verified your identity as far as the bank sees it. However, the 2FA Authenticator app was used to install dangerous malware called Vultur on his phone.
The malware adds permissions you didn't grant, the ones on the right, to make it easier to steal your money.
Vultur is designed to target financial services apps so that it can steal users' banking information and take their money. Pradeo suggests that if you have this app on your phone or tablet, remove it immediately. Pradeo informed the Google Play team about this discovery, and 15 days later it was removed from the Google Play Store on January 27.
It's bad enough that the 2FA Authenticator app asks for permission to take photos and videos with your device's camera, disables screen lock, has full network access, runs at startup, draws over other apps, and prevents your device from crashing. falls asleep Unbeknownst to the device owner, the app was secretly granted other permissions, including the ability to disable the keyboard, permission to access the Internet and foreground services, permission to check all packages, permission to use data biometrics and use the victim's fingerprint.
The last two, which were the ability to use biometric data and the victim's fingerprint, could reveal how the app can break into a user's financial accounts and applications and steal the information that allows it to access the user's bank, other financial institutions and steal blindly.
Other dangerous permissions allow malware to perform activities even when the app is turned off. One of the permissions granted by the malware allows you to install third-party applications under the guise of being an update. Another disables keylock and any associated password security, and yet another grants permission for SYSTEM_ALERT_WINDOW of which Google says: “Very few apps should use this permission; these windows are intended for system-level interaction with the user.”
We're not your mom, but we want to help you avoid being scammed by malicious apps. If you're a loyal PhoneArena reader, you know we're constantly reminding you that if you're not familiar with the developer of an Android app you're about to install, look for red flags in the comments section of the Play Store. . And of course there is one for 2FA Authenticator.
Written less than a week ago, the comment reads “DO NOT DOWNLOAD THIS APP!!!” I just downloaded it and it tried to force me to install some BS update from the internet as soon as I opened the app and when I closed the app it forced itself to open again and again and again so I had to restart my phone to remove the app. Don't download it." What kind of phone owner would install an app after reading that comment about it?
Although the app is no longer on the play store, it may still be on your phone
The Vultur malware that 2FA Authenticator “places” on your phone will log every keystroke you make, including invisible keystrokes such as passwords. We don't have to tell you how dangerous this is. The unique package name is “com.privacy.account.safetyapp”. Just because the app has been removed from the Play Store does not mean that it has been removed from your phone.
0 Comments