Google Removes Malware Infected Two-Factor Authentication App Stealing Banking Details From Play Store

The app was removed after it accumulated over 10,000 downloads on the Play Store.

Advertisement
By David Delima | Updated: 1 February 2022 14:59 IST
Highlights
  • The 2FA Authenticator app was infected with the Vultr malware
  • It is capable of recording the screen when a banking app is used
  • The malware mimicked an open-source two-factor authentication app

Users who installed the infected app will have to manually remove it from their devices

Photo Credit: Pixabay/ andrekheren

Two-factor authentication is widely considered one of the best ways of securing accounts online, but a fraudulent application posing as one was recently caught stealing financial information of users on Android smartphones. A security firm discovered that the app was posing as an open-source application that offers the same functionality. The two-factor authentication app, which was infected with a nefarious banking trojan, was downloaded over 10,000 times before it was removed by Google in the latest example of malicious developers finding new ways to steal user information.

The ‘2FA Authenticator' app was recently identified as malware by researchers from security firm Pradeo and contains the dangerous Vultur Android malware. Attackers that infect Android devices with the Vultur malware can use remote access software to mirror a user's screen and steal login credentials. The malware was first discovered last year and is able to record a smartphone's screen while finance-related apps are being used.

The listing for the app on the Google Play store, which is currently unavailable
Photo Credit: Screenshot/ Google Play

Advertisement

According to the researchers, the 2FA Authenticator app is designed to mimic the interface of the open-source Aegis Authenticator application, in order to maintain a low profile. It attacks users devices in two stages. The application's malicious code allows it to collect and transmit a list of the applications installed on a users phone and their location, and then use attacks at applications used in those regions. It is also capable of disabling the phone's PIN or password and downloading third-party apps under the guise of providing updates.

Advertisement

After identifying the user's region, the malware installs the Vultur malware, which can use remote screen access to steal user credentials from a user's smartphone when banking and cryptocurrency applications are opened. The malware can also perform activities when the app is closed and takes advantage of a critical permission called SYSTEM_ALERT_WINDOW to overlay applications on the smartphone. The application spent 15 days on the Google Play store where it racked up over 10,000 downloads, before it was removed by Google. However, users who have the app installed on their device should remove the app immediately, according to the researchers.

Why is 5G taking so long? We discuss this on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
 
Post your comments

Catch the latest from the Consumer Electronics Show on Gadgets 360, at our CES 2026 hub.

Further reading: Android Malware, Two Factor Authentication, Android, Google, Vultur Malware, Banking Trojan, Pradeo Security
BlackBerry to Sell Patents Related to Mobile Devices, Messaging for $600 Million
Advertisement

Related Stories

Android Malware Detected Using Machine Learning to Automatically Detect and Click on Ads
23 January 2026
Android Devices Vulnerable to New ‘Sturnus’ Malware That Attacks Bank Apps, Bypass E2E Encryption: Report
26 November 2025
SparkCat Crypto Stealer Malware Infected Multiple Apps on Play Store, App Store
6 February 2025
ToxicPanda Banking Trojan Infects Over 1,500 Android Smartphones, Targets 16 Banks: Report
7 November 2024
Telegram for Android Vulnerability EvilVideo That Lets Hackers Deploy Malware as Video Files Detected: Report
23 July 2024
Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Scientists Uncover 'Calcium Leak' as Our Planet's Natural Thermostat
  2. Sarvam Maya Streams on JioHotstar From January 30: Details
  3. NASA Gears Up for SpaceX Crew-12 Mission Ahead of February Launch
  4. Raakaasa Set for OTT Release on Netflix: All You Need to Know
  5. Top Republic Day 2026 AI Photo Editing Prompts to Create Stunning Images
  6. BSNL VIP Numbers Explained: What Is It, E-Auction Process, Charges, and More
#Latest Stories
  1. NASA Evaluates Early Liftoff for SpaceX Crew-12 Following Rare ISS Medical Evacuation
  2. Raakaasa OTT Release Details: What You Need to Know About Niharika Konidela’s Horror Fantasy Film
  3. Sinking Calcium Carbonate Locked Away Greenhouse Gases, Reveals New Study
  4. Sarvam Maya Set for OTT Release on JioHotstar: All You Need to Know About Nivin Pauly’s Horror Comedy
  5. Europa’s Hidden Ocean Could Be ‘Fed’ by Sinking Salted Ice; New Study Boosts Hopes for Alien Life
  6. The Rookie Season 8 Now Available for Streaming Online: Where to Watch Nathan Fillion-Starrer Cop Drama Online?
  7. Scientists Search the Big Bang’s Afterglow for Signs of Colliding Parallel Universes
  8. Giant Ancient Collision May Have ‘Flipped’ the Moon’s Interior, Study Suggests
  9. VLT’s GRAVITY Instrument Detects ‘Tug’ from Colossal Exomoon; Could Be Largest Natural Satellite Ever Found
  10. Young Sherlock Now Set for OTT Release on OTT: What You Need to Know About Guy Ritchie’s Mystery Thriller
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.