Android users, this password security app is a banking trojan – Times of India


Research firm Pradeo has a warning for Android smartphone users. The security research company recently detected a malicious app called 2FA Authenticator on the Google Play Store. The app, which has 10,000-plus users, is apparently a trojan-dropper, meaning that hackers and cybercriminals use it to secretly install malware on users’ mobile devices. The 2FA Authenticator app is said to install another piece of malware, called Vultur, on users’ phones and steal their financial information, including banking and other details. “Our analysis revealed that the dropper automatically installs a malware called Vultur which targets financial services to steal users’ banking information,” says the research report.
The company notified Google about the app, and Google has removed it from the Google Play Store. However, while the removal means that the app can no longer claim new victims, existing users need to delete it from their devices, and they need to do so manually.
How the 2FA Authenticator app works
The 2FA Authenticator requests critical permissions that it does not disclose on its Google Play profile. These hidden permissions and the malicious code the app executes enable it to automatically:

  • Collect and send users’ application list and localization to the hackers behind it so that they can use the information for attacks
  • Disable the keylock and any associated password security
  • Download third-party apps under the guise of software/system updates
  • Freely perform activities even when the app is shut off
  • Overlay other mobile apps’ interfaces using a critical permission called SYSTEM_ALERT_WINDOW, about which Google specifies: “Very few apps should use this permission; these windows are intended for system-level interaction with the user.”
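The check implied by the list above (permissions an app requests versus those its store listing discloses) can be automated on a decoded AndroidManifest.xml. The following is an added example, not code from Pradeo or the article; the sample manifest, the package name com.example.sampleauth, the disclosed set and the behaviour-to-permission mapping are assumptions, with only SYSTEM_ALERT_WINDOW named on the page.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping (not from the article): real Android permissions that can
# enable each listed behaviour. Only SYSTEM_ALERT_WINDOW is named on the page.
RISKY = {
    "android.permission.SYSTEM_ALERT_WINDOW": "overlay other apps' interfaces",
    "android.permission.DISABLE_KEYGUARD": "disable the keylock",
    "android.permission.REQUEST_INSTALL_PACKAGES": "install downloaded apps",
    "android.permission.QUERY_ALL_PACKAGES": "collect the application list",
    "android.permission.ACCESS_FINE_LOCATION": "collect device location",
    "android.permission.RECEIVE_BOOT_COMPLETED": "run without being opened",
}

# Constructed sample: a decoded AndroidManifest.xml for a hypothetical app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sampleauth">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.DISABLE_KEYGUARD"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <uses-permission-sdk-23 android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application android:label="Sample"/>
</manifest>
"""
# Constructed sample: what the hypothetical store listing discloses.
SAMPLE_DISCLOSED = {"android.permission.INTERNET", "android.permission.CAMERA"}

def declared_permissions(manifest_xml):
    """Return every permission name the manifest requests."""
    root = ET.fromstring(manifest_xml.strip())
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name:
                names.add(name.strip())
    return names

def audit(manifest_xml, disclosed):
    """Compare requested permissions with the disclosed set."""
    undisclosed = declared_permissions(manifest_xml) - set(disclosed)
    risky = sorted((p, RISKY[p]) for p in undisclosed if p in RISKY)
    return {"undisclosed": sorted(undisclosed), "risky_undisclosed": risky}

if __name__ == "__main__":
    for perm, why in audit(SAMPLE_MANIFEST, SAMPLE_DISCLOSED)["risky_undisclosed"]:
        print(f"UNDISCLOSED {perm}: can {why}")
```

The manifest inside an APK is binary XML, so it has to be decoded to text (for example with apktool) before this parser can read it.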

(Excerpt) Read more Here | 2022-01-31 08:08:00
