2FA App Loaded with Banking Trojan Infests 10K Victims via Google Play

2022-01-27 20:59

The app, which is fully functional as a 2FA authenticator, comes loaded with the Vultur stealer malware that targets and swoops down on financial data.

Once downloaded, the app installs Vultur banking trojan, which steals financial and banking data on the compromised device - but can do much more.

The scam 2FA authenticator also asks for device permissions beyond what was disclosed in the Google Play profile, the Pradeo team said.

Pradeo uncovered another dirty trick the malicious 2FA pulled by grabbing the SYSTEM ALERT WINDOW permission, which gives the app the ability to change other mobile apps' interfaces.

Once the device is fully compromised, the app installs Vultur, "An advanced and relatively new kind of malware that mostly targets online banking interface to steal users' credentials and other critical financial information," the report said.

The team at Pradeo reported that while the researchers submitted their disclosure to Google Play, nevertheless the malicious 2FA Authenticator app loaded with the banking trojan remained available for 15 days.

News URL

https://threatpost.com/2fa-app-banking-trojan-google-play/178077/

#2FA #banking #google #googleplay #trojan

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Google		103	257	4344	4739	748	10088

News URL

Related news

Related vendor