Research firm Pradeo has a warning for Android smartphone users. The security research company recently detected a malicious app called 2FA Authenticator on Google Play store. The app with 10,000-plus users is apparently a trojan-dropper. This means that hackers and cybercriminals use it to secretly install malware on users’ mobile devices. The 2FA Authenticator app is said to inject another malware called Vultur in users’ phones and steal their financial information, including banking and other details. “Our analysis revealed that the dropper automatically installs a malware called Vultur which targets financial services to steal users’ banking information,” says the research report.
The company notified Google about the app and the latter has removed it from Google Play Store. However, while Google removing the app means that there can no longer be anymore victims of the app, the existing users need to delete it from their devices, and they need to do it manually.
How 2FA Authenticator app works
The 2FA Authenticator requests critical permissions that it does not disclose on its Google Play profile. These hidden permissions and the malicious code the app executes enable it to automatically:
The company notified Google about the app and the latter has removed it from Google Play Store. However, while Google removing the app means that there can no longer be anymore victims of the app, the existing users need to delete it from their devices, and they need to do it manually.
How 2FA Authenticator app works
The 2FA Authenticator requests critical permissions that it does not disclose on its Google Play profile. These hidden permissions and the malicious code the app executes enable it to automatically:
- Collect and send users’ application list and localization to its hackers so that they can use the information for attacks
- Disable the keylock and any associated password security
- Download third-party apps under the garb of software/system updates
- Freely perform activities even when the app is shut off
- Overlay other mobile app’s interface using a critical permission called SYSTEM_ALERT_WINDOW for which Google specifies “Very few apps should use this permission; these windows are intended for system-level interaction with the user.”
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.
Denial of responsibility! NewsUpdate is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.
