Two weeks ago, it was possible to download a two-step verification app from Google Play, which offered a banking Trojan in addition to security.
The app has been downloaded more than ten thousand times from Google Play and got bank details and other personal information. It concerns Android malware Vultur, which was discovered in 2021. The malware uses advanced screen sharing technology, allowing hackers to monitor the data you use to log in here and there in real time.
Malware masquerading as 2fa app
The app in question, now removed from Google Play, actually gave users the option to use 2fa (two-factor authentication). But behind the scenes, the app has meanwhile collected a list of apps that are on the user’s smartphone. In addition, it looked at the location, disabled the locked screen and downloaded third-party apps as if they were important “updates”.
The app, called 2FA Authenticator, went live in Google Play on January 12. On January 26, Google discovered that it was a rogue application; and twelve hours later, the search engine giant removed the application. It is unknown if Google notified the app’s downloaders that they installed an app that stole their data. That just goes to show how sharp you need to stay when downloading seemingly reliable apps.
