2FA App Loaded with Banking Trojan Infests 10K Victims via Google Play

The app, which is fully functional as a 2FA authenticator, comes loaded with the Vultur stealer malware that targets and swoops down on financial data.
Once downloaded, the app installs the Vultur banking trojan, which steals financial and banking data on the compromised device - but can do much more.
The scam 2FA authenticator also asks for device permissions beyond what was disclosed in the Google Play profile, the Pradeo team said.
Pradeo uncovered another dirty trick the malicious 2FA app pulled: grabbing the SYSTEM_ALERT_WINDOW permission, which gives the app the ability to change other mobile apps' interfaces.
Once the device is fully compromised, the app installs Vultur, "an advanced and relatively new kind of malware that mostly targets online banking interface to steal users' credentials and other critical financial information," the report said.
The team at Pradeo reported that although the researchers submitted their disclosure to Google Play, the malicious 2FA Authenticator app loaded with the banking trojan remained available for 15 days.
News URL
https://threatpost.com/2fa-app-banking-trojan-google-play/178077/