Despite the myriad security safeguards, malware continues to find new ways to infiltrate Android devices. The latest such malware comes in the form of an app called 2FA Authenticator. This app would then install a malware called ‘Vultur.’
The research team at Pradeo termed this as a “trojan-dropper,” wherein cybercriminals piggyback malware on a seemingly innocuous app. This specific malware can target users’ banking credentials and even steal money off their accounts. Fortunately, the app was removed from the Google Play Store on January 27 after a detailed report was published on Pradeo’s blog (via Phone Arena).
But it’s highly likely that many users still have the app on their devices. If that is the case, make sure you immediately delete the app to avoid the possibility of theft. As per screenshots of the Play Store listing, the app had over 10,000 installs.
The app requests sensitive data including biometric information such as fingerprints
A closer inspection of the permissions sought by the app reveals that it was designed to trick users into sharing personal data. Some of the permissions requested by the app include full network access, running at startup, and disabling the screen lock or password. Moreover, the app would then attain permissions to disable the keyboard, query all packages, and even use biometrics, including the user’s fingerprint data.
The app could also install third-party apps masked as an update, making it nearly impossible for unsuspecting users to know something’s wrong. While users are advised never to download apps outside the Play Store, there isn’t much they can do when the malicious app comes from Google’s official app hub.
If you think you may have downloaded the app, head over to Settings – Apps to identify this app. If you see it on the list, go ahead and delete it immediately.
This incident reminds us that we can’t be careful enough when downloading apps on our phones. To be safe, be sure to download apps from verified developers on the Play Store. If you’re suspicious of a particular app, check out the reviews section to see what other users have to say.
Last week, new research by Zimperium uncovered a new malware known as Dark Herring. This malware would infiltrate the victim’s device via SMS. Dark Herring also uses apps to make their way to devices, with some of them published on the Play Store. But Google was quick to react and has since removed all apps associated with Dark Herring.