Security firm says to delete this Android app immediately before it cleans out your bank account

5
Security firm says to delete this Android app immediately before it cleans out your bank account
Mobile security firm Pradeo has discovered an app in the Google Play Store that was supposed to be used to help Android users feel safer online. Instead, the app turned out to be a "trojandropper" used by hackers to disseminate malware on consumers' mobile devices. The app, called 2FA Authenticator, was installed by over 10,000 users.

This app drops malware into your device that steals your banking information and grabs your money


The irony is clear. 2FA, also known as two-factor authentication, is used to validate your identity. Let's say your bank wants to make sure that the person trying to speak to them about your account is you. So they send a text with a code number to your phone. Once you punch in the correct code number from the text, you have verified your identity as far as the bank sees it. However, the 2FA Authenticator app was used to install dangerous malware called Vultur on your handset.

Vultur is designed to target financial services apps so that it can steal users' banking information and take their money. Pradeo suggests that if you have this app on your phone or tablet, delete it immediately. The Google Play team has been told about this discovery by Pradeo and 15 days later it was removed from the Google Play Store on January 27th.

It is bad enough that the 2FA Authenticator app asks for permission to take pictures and videos using the camera on your device, disable your screen lock, have full network access, run at startup, draw over other apps, and prevent your device from sleeping. Unbeknown to the device owner, the app secretly was granted other permissions including the ability to disable the keyboard, permission to access the internet and foreground services, permission to query all packages, permission to use biometrics, and use the victim's fingerprint.

The latter two, which were the ability to use biometrics and the victim's fingerprint, might reveal how the app is able to break into a user's financial apps and accounts and steal the information that allows it to access the user's bank, other financial institutions, and rob him blind.

Other dangerous permissions allow the malware to perform activities even when the app is shut off. One of the permissions the malware grants allows third-party apps to be installed under the guise of being an update. Another one disables the keylock and any associated password security, and yet another gives permission for SYSTEM_ALERT_WINDOW of which Google says, "Very few apps should use this permission; these windows are intended for system-level interaction with the user."

We're not your mom, but we do want to help you avoid getting ripped off by malicious apps. If you're a loyal PhoneArena reader, you know that we constantly remind you that if you're not familiar with the developer of an Android app that you're about to install, look at the comments section in the Play Store for red flags. And sure enough, there is one for 2FA Authenticator.

Written less than a week ago, the comment says "DO NOT DOWNLOAD THIS APP!!!" I Just downloaded it and it tried to force me to install some BS update off the internet as soon as I opened the app and when I closed the app it forced itself open again, and again, and again so I had to restart my phone to delete the app. Don't download it." What kind of phone owner would install an app after reading that comment about it?

Even though the app is no longer in the Play Store, it can still be on your phone


The Vultur malware that 2FA Authenticator "drops" into your phone will record every keystroke you make including invisible keystrokes such as passwords. We don't have to tell you how dangerous this is. The unique package name is "com.privacy.account.safetyapp." Just because the app has been removed from the Play Store doesn't mean that it has been removed from your phone.

To get rid of 2FA Authenticator (which you need to do immediately if you have it on your device) is to go to Check Settings > Apps and look for 2FA Authenticator or another suspicious app. Tap the three dots in the top right corner of the screen and select "Show system" because malicious apps sometimes park there.

If 2FA Authenticator is listed, delete it.

Recommended Stories

Loading Comments...
FCC OKs Cingular\'s purchase of AT&T Wireless