Google has removed a fraudulent two-factor authentication app from its Play Store after it was discovered to be stealing users’ financial information on Android smartphones.<\/p>\n
2FA Authenticator \u2014 as the app was named \u2014 was identified to be a trojan-dropper as it is leveraged by cybercriminals to install malware secretly.<\/p>\n
This is according to researchers at Pradeo<\/a><\/strong>, the security firm that first identified the malicious application.<\/p>\n 2FA Authenticator, which more than 10,000 Android users downloaded, initiated a two-stage attack once installed.<\/p>\n During the first stage, 2FA Authenticator requested critical permissions that it does not mention on its Google Play profile.<\/p>\n In combination with the code that the application executes, the permissions enabled it to send the user’s location and list of applications to the culprits, disable the keylock and associated password security, and download third-party applications.<\/p>\n In the second stage of the attack, 2FA Authenticator would attempt to install banking malware on the device.<\/p>\n These third-party applications were presented as software updates to the victims.<\/p>\n Pradeo said that the malicious application installs malware called Vultur.<\/p>\n The cyber security company describes Vultur as an “advanced and relatively new kind of malware that mostly targets online banking interfaces to steal users’ credentials and other critical financial information.”<\/p>\n The 2FA Authenticator application spent 15 days on the Play store before Google removed it.<\/p>\n Google has removed a two-factor authentication app from the Play Store after it was discovered to be malicious.<\/p>\n","protected":false},"author":341076,"featured_media":432412,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[397,167,10100,801,76246,38240,76244],"class_list":["post-432406","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-android","tag-google","tag-google-play","tag-malware","tag-pradeo","tag-two-factor-authentication","tag-vultur"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/432406"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/341076"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=432406"}],"version-history":[{"count":1,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/432406\/revisions"}],"predecessor-version":[{"id":432452,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/432406\/revisions\/432452"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/432412"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=432406"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=432406"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=432406"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\nNow read: Ransomware attack took down R2 trillion investment company for five days<\/a><\/h3>\n","protected":false},"excerpt":{"rendered":"