Search

Google Removes Malware Infected Two-Factor Authentication App Stealing Banking Details From Play Store

The app was removed after it accumulated over 10,000 downloads on the Play Store.

Advertisement
Highlights
  • The 2FA Authenticator app was infected with the Vultr malware
  • It is capable of recording the screen when a banking app is used
  • The malware mimicked an open-source two-factor authentication app
Google Removes Malware Infected Two-Factor Authentication App Stealing Banking Details From Play Store

Users who installed the infected app will have to manually remove it from their devices

Photo Credit: Pixabay/ andrekheren

Two-factor authentication is widely considered one of the best ways of securing accounts online, but a fraudulent application posing as one was recently caught stealing financial information of users on Android smartphones. A security firm discovered that the app was posing as an open-source application that offers the same functionality. The two-factor authentication app, which was infected with a nefarious banking trojan, was downloaded over 10,000 times before it was removed by Google in the latest example of malicious developers finding new ways to steal user information.

The ‘2FA Authenticator' app was recently identified as malware by researchers from security firm Pradeo and contains the dangerous Vultur Android malware. Attackers that infect Android devices with the Vultur malware can use remote access software to mirror a user's screen and steal login credentials. The malware was first discovered last year and is able to record a smartphone's screen while finance-related apps are being used.

2fa malware pradeo security vultr malware

The listing for the app on the Google Play store, which is currently unavailable
Photo Credit: Screenshot/ Google Play

According to the researchers, the 2FA Authenticator app is designed to mimic the interface of the open-source Aegis Authenticator application, in order to maintain a low profile. It attacks users devices in two stages. The application's malicious code allows it to collect and transmit a list of the applications installed on a users phone and their location, and then use attacks at applications used in those regions. It is also capable of disabling the phone's PIN or password and downloading third-party apps under the guise of providing updates.

After identifying the user's region, the malware installs the Vultur malware, which can use remote screen access to steal user credentials from a user's smartphone when banking and cryptocurrency applications are opened. The malware can also perform activities when the app is closed and takes advantage of a critical permission called SYSTEM_ALERT_WINDOW to overlay applications on the smartphone. The application spent 15 days on the Google Play store where it racked up over 10,000 downloads, before it was removed by Google. However, users who have the app installed on their device should remove the app immediately, according to the researchers.


Why is 5G taking so long? We discuss this on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

 
Show Full Article
Please wait...
Advertisement

Related Stories

Popular Mobile Brands
  1. Lenovo Yoga Tab Plus With 12.7-Inch Screen, AI Features Launched in India
  2. From Rs. 40K to Rs. 60K: Something for Everyone This Prime Day
  1. Indian Startup QWR Unveils AI-Powered Smart Glasses Humbl, to Be Shipped Later This Year
  2. Elon Musk Says Grok Chatbot Is Coming to Tesla Vehicles by Next Week
  3. Amazon Introduces Rewards Gold Cashback Program Ahead of Prime Day 2025 Sale
  4. Vivo T4R 5G Tipped to Launch in India Soon; May Get MediaTek Dimensity 7400 SoC
  5. Musk's Starlink Receives India's Final Regulatory Nod for Launch
  6. Google Announces Rollout of Ads in AI Overviews in India, AI-Powered Ad Solutions
  7. Amazfit Active 2 Square Launched in India With Over 160 Sports Modes, Bluetooth Calling: Price, Specifications
  8. Musk-Owned X's CEO Linda Yaccarino to Step Down in Surprise Move
  9. Oppo Reno 15 Series Launch Timeline Tipped; Base Variant Could Get a Compact Display
  10. Acer Iconia Tab iM11 Launched in India With 11.45-Inch Screen, 7,400mAh Battery: Price, Features
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.
Trending Products »
Latest Tech News »