Google removes malware-infected two-factor authentication app that steals bank details from Play Store


Two-factor authentication is widely considered one of the best ways to secure online accounts, but a scam app posing as one was recently caught stealing users’ financial information from smartphones. Android. A security firm discovered that the app presented itself as an open-source app offering the same functionality. The two-factor authentication app, which was infected with a nefarious banking trojan, was downloaded more than 10,000 times before being taken down by Google in the latest example of malicious developers finding new ways to steal user information.

The “2FA Authenticator” application was recently identified as malware by researchers from a security company Pradeo and contains the dangerous Vultur Android malware. Attackers who infect Android devices with Vultur malware can use remote access software to mirror a user’s screen and steal login credentials. The malware was first discovered last year and is capable of recording a smartphone screen while using finance-related apps.

The listing of the app on the Google Play Store, which is currently not available
Photo credit: Screenshot/ Google Play

According to researchers, the 2FA Authenticator app is designed to mimic the open-source interface Aegis Authenticator request, in order to maintain a low profile. It attacks user devices in two stages. The app’s malicious code allows it to collect and transmit a list of apps installed on a user’s phone and their location, and then attack the apps used in those regions. It is also able to disable phone PIN or password and download third party apps under the guise of providing updates.

After identifying the user’s region, the malware installs Vultur malware, which can use screen remote access to steal user credentials from a user’s smartphone when banking and cryptocurrency apps are open. The malware can also perform activities when the app is closed and takes advantage of a critical permission called SYSTEM_ALERT_WINDOW to overlay apps on the smartphone. The app spent 15 days on the Google Play Store where it racked up over 10,000 downloads, before being removed by Google. However, users who have installed the app on their device should remove the app immediately, according to the researchers.

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebookand Google News. For the latest gadget and tech videos, subscribe to our Youtube channel.

As a technology writer with Gadgets 360, David Delima has interests in open source technology, cybersecurity, consumer privacy, and enjoys reading and writing about how the internet works. David can be reached by email at, as well as on Twitter at @DxDavey. Following

BlackBerry to sell patents related to mobile devices and messaging for $600 million

Related stories


Comments are closed.