Share this:

Like this:

Here’s how an Android 2FA app stole bank accounts

A man knocking on a phone with a credit card in his hand
WAYHOME studio /

A fake two-factor authentication app on Android actually hid a banking trojan that could steal financial data and other personal information. If you're one of the 10,000 people who have downloaded it, get rid of it right now.

Researchers from Pradeo discovered the app, which was aptly named 2FA Authenticator. It installs a trojan called Vultur, which has been infecting Android phones for over a year.

Roxane Suau of Pradeo said: "Our analysis revealed that the dropper automatically installs a malware called Vultur, which targets financial services to steal users' banking information."

Apparently, the app was well-designed to look like a legitimate 2FA tool. According to Pradeo, "It was developed to look legitimate and provide a real service. To do that, its developers used the open source code for the official Aegis authentication application to which they injected malicious code."

The malware works in two phases. First, it profiles the user. It collects and sends the user's application lists and location data, which enables attackers to target their actions. During this phase, it will disable the key lock and any associated password security and download other third-party apps disguised as updates.

For phase two, the researchers found that the attack is conditioned by the information the app finds about its users. Once some conditions are met, the dropper installs Vultur, the malware that is primarily targeted at online banking interfaces to steal credentials and financial information, which is obviously scary.

This is not a piece of malware that needs to be taken lightly. If you have installed this app (which has been removed from Google Play but is still available in some third-party app stores), delete it immediately. If the app starts restarting itself when you try to close it, restart your phone and delete it.

RELATED: How to shop safely online: 8 tips to protect yourself

Leave a Reply

Your email address will not be published. Required fields are marked *

Share this:

Like this:

%d bloggers like this: