If you are using 2FA Authenticator, an Android available in Google Play. According to Pradeo, a mobile security firm the app is supposed to help Android users be safe online, instead, the app has turned out to be a “trojandropper”.
The mobile security firm findings suggest hackers are using the app to distribute malware on users’ mobile devices, the 2FA Authenticator has now been installed by over 10,000 users.
The app is widely used to validate your identity, at times by banks to ensure the person trying to speak to them is the same person who holds the accounts. A text with a code is sent to your phone, when you punch the correct code you get authenticated and the bank sees it. Though the same is now being used to install dangerous malware called Vultur on your handset.
The Vultur Malware is being used to target financial services apps to steal users’ banking information and money. Pradeo has informed the Google Play team about this vulnerability and has been removed 15 days later on January 27th from Google Play Store. Users are also advised to uninstall this app from their phones and tablets.
The 2FA Authenticator app asks permission to take pictures and videos using the camera, in the process it disables the screen lock to get full access to the network, run at startup, draw over other apps, and prevent your device from sleeping. The app secretly without the knowledge of the device owner gets permission to disable the keyboard, access the internet and foreground services, query all packages, use biometrics, and use the victim’s fingerprint.
With the permissions to use biometrics and the victim’s fingerprint, the app is able to get into the user’s financial apps and accounts and steal the information that allows it to access the user’s bank, other financial institutions, and rob him blind.
While the other permissions enable the malware to carry out tasks even while the app is shut down. With the permissions granted the malware is able to install third-party apps pretending to be an update. While another permission allows it to disable the keylock and any associated password security. According to Google, “Very few apps should use this permission; these windows are intended for system-level interaction with the user.” and this is exactly what the malware does: it gives permission for SYSTEM_ALERT_WINDOW.
The 2FA Authenticator has been removed from Google Play Store, but it can still be lurking on your phone. Make sure to remove the app properly from your phone.
How to Properly Remove the 2FA Authenticator AppFrom Your Phone?
To properly remove the 2FA Authenticator app from your phone
- Go to Settings > Apps and look for 2FA Authenticator or another suspicious app.
- Tap the three dots in the top right corner of the screen and select “Show system” because malicious apps sometimes park there.
- If 2FA Authenticator is listed, delete it.
North Korean Hackers Use Windows Update Service to Infect PCs with Malware
Shipment Delivery Scams – Popular Way to Spread Malware
Linux Distros Haunted by Polkit Bug for 12 years – Grants Root Access to any User