Malicious 2FA App Found on Google Play GA S REGULAR Menu Lifewire Tech for Humans Newsletter! Search Close GO News > Software & Apps 25 25 people found this article helpful

Malicious 2FA App Found on Google Play

The app clocked over 10,000 downloads before it was removed

By Mayank Sharma Mayank Sharma Freelance Tech News Reporter Writer, Reviewer, Reporter with decades of experience of breaking down complex tech, and getting behind the news to help readers get to grips with the latest buzzwords. lifewire's editorial guidelines Published on January 28, 2022 01:08PM EST Fact checked by Jerri Ledford Fact checked by Jerri Ledford Western Kentucky University Gulf Coast Community College Jerri L. Ledford has been writing, editing, and fact-checking tech stories since 1994. Her work has appeared in Computerworld, PC Magazine, Information Today, and many others. lifewire's fact checking process Tweet Share Email Tweet Share Email Software & Apps Mobile Phones Internet & Security Computers & Tablets Smart Life Home Theater & Entertainment Software & Apps Social Media Streaming Gaming Cybersecurity researchers have helped delist a fake two-factor authentication (2FA) app from the Google Play store, which concealed a well-known banking credential-stealing malware. The app, named 2FA Authenticator, was discovered by security sleuths at security firm, Pradeo. It disguised itself as a legitimate 2FA app and used the cover to push the relatively new but extremely dangerous Vultur malware designed to steal banking credentials. Ali Kerem Yucel / Getty Images In their report, researchers note the fully functional 2FA authenticator app was removed from Google Play on January 27, after remaining available on the store for over two weeks, where it saw over 10,000 downloads. According to the researchers, the threat actors developed the app using the genuine, open-source Aegis authentication application before infusing malicious functionality into it. Pradeo claims the fake app's elaborate deception allowed it to successfully disguise itself as an authentication tool and pass casual user scrutiny. What spooked the researchers, however, was the app's elaborate requests for permissions, including camera and biometric access, system alerts, package querying, and the ability to disable the keylock. These permissions are far greater than those required by the original Aegis application, and they weren't disclosed in the app's Google Play profile. They also leave users at risk from financial data theft and other follow-up attacks, even if the downloader didn't use the app. While the fake 2FA app has been removed from the Play Store, Pradeo warns users who have installed the app to manually remove it immediately. Was this page helpful? Thanks for letting us know! Get the Latest Tech News Delivered Every Day Subscribe Tell us why! Other Not enough details Hard to understand Submit More from Lifewire Is Google Play Safe? How to Buy Music on Android Without Google Play How to Use Skype for Chromebook 3 Best Free Antivirus Apps for Android Phones Can Chromebooks Get Viruses? How to Allow Camera Access on Snapchat How to Install Google Play on Kindle Fire How to Use BlueStacks to Run Android Apps on Windows What Is Google Play Protect and How Does It Work? What Is Google Play? How to Set Up a Google Chromecast How to Install Kodi on Android How to Share an App on Android How to Fix It When the Google Play Store Is Not Working How to Resolve Google Play Store Errors Finding Apps on Google Play Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. Cookies Settings Accept All Cookies