Security firm Pradeo has just discovered an application on the Google Play Store that is capable of installing malicious trojans on users’ devices.
(Photo: CSO Online)
According to Pradeo, the 2FA Authenticator app is not as useful as its name suggests. 2FA – two-factor authentication – is a fairly common technology for protecting your accounts. For example, when you want to perform a certain transaction, the bank will send a text message containing a confirmation code to your phone. If you enter the correct code, you have confirmed your identity to the bank with which the transaction was made.
However, 2FA Authenticator is used to install the Vultur malware on the device. Vultur targets financial services applications to steal account information as well as funds. Pradeo recommends that if you have installed 2FA Authenticator on your mobile phone or tablet, you delete it immediately. The app has been downloaded more than 10,000 times. Pradeo informed Google about the app, and it was removed on January 27.
Even worse, 2FA Authenticator also asks for permission to take photos, record videos with the camera, disable the lock screen, access the network, run at startup, overwrite other apps, and prevent the device from entering sleep mode. Not only that, it also secretly obtains other rights such as disabling the keyboard, accessing the Internet, using biometrics, and using the victim’s fingerprint. With biometrics and fingerprints, it can break into financial and account applications, steal the information used to log into bank accounts and then steal money.
Other permissions allow the malicious code to perform actions even when the application is shut down. One of the malware’s permissions allows it to install third-party apps as updates. Vultur will record all your keystrokes, for example passwords.
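As an added example (not from Pradeo or the original article), this Python check reads a decoded AndroidManifest.xml and flags the permissions the article describes. The mapping from the article's descriptions to Android permission constants, the `DROPPER_COMBO` heuristic, and the sample manifest with package `com.example.authenticator` are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed mapping from the article's descriptions to Android permission
# constants. INTERNET is left out: nearly every app requests it.
ARTICLE_BEHAVIOURS = {
    P + "CAMERA": "take photos and record video",
    P + "DISABLE_KEYGUARD": "disable the lock screen",
    P + "RECEIVE_BOOT_COMPLETED": "run at startup",
    P + "SYSTEM_ALERT_WINDOW": "draw over ('overwrite') other apps",
    P + "WAKE_LOCK": "prevent the device from sleeping",
    P + "USE_BIOMETRIC": "use biometrics",
    P + "USE_FINGERPRINT": "use the fingerprint sensor",
    P + "REQUEST_INSTALL_PACKAGES": "install third-party apps as updates",
}
# Heuristic (assumption): survive reboot + cover other apps + install payloads.
DROPPER_COMBO = {P + "RECEIVE_BOOT_COMPLETED", P + "SYSTEM_ALERT_WINDOW",
                 P + "REQUEST_INSTALL_PACKAGES"}

def audit_manifest(xml_text):
    """Return the article-listed permissions a decoded manifest requests."""
    root = ET.fromstring(xml_text)
    requested = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                requested.add(name.strip())
    flagged = {p: ARTICLE_BEHAVIOURS[p] for p in sorted(requested)
               if p in ARTICLE_BEHAVIOURS}
    return {"package": root.get("package"), "flagged": flagged,
            "dropper_combo": DROPPER_COMBO <= requested}

# Constructed sample manifest (not taken from the real app).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.authenticator">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
</manifest>"""

if __name__ == "__main__":
    report = audit_manifest(SAMPLE)
    print(report["package"], "dropper combo:", report["dropper_combo"])
    for perm, meaning in report["flagged"].items():
        print(f"  {perm}: {meaning}")
```

The manifest inside an APK is stored as binary XML, so it has to be decoded to text before this check can read it.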
To remove 2FA Authenticator, go to Settings > Apps and search for the app. Tap the three dots in the upper right corner of the screen and select “Show system”, because malicious applications sometimes appear there. Delete it now before it “burns” your bank account.
Du Lam (According to PhoneArena)