Security News > 2022 > January > 2FA App Loaded with Banking Trojan Infests 10K Victims via Google Play
The app, which is fully functional as a 2FA authenticator, comes loaded with the Vultur stealer malware that targets and swoops down on financial data.
Once downloaded, the app installs the Vultur banking trojan, which steals financial and banking data on the compromised device - but can do much more.
The scam 2FA authenticator also asks for device permissions beyond what was disclosed in the Google Play profile, the Pradeo team said.
Pradeo uncovered another dirty trick the malicious 2FA app pulled: grabbing the SYSTEM_ALERT_WINDOW permission, which gives the app the ability to change other mobile apps' interfaces.
Once the device is fully compromised, the app installs Vultur, "An advanced and relatively new kind of malware that mostly targets online banking interface to steal users' credentials and other critical financial information," the report said.
The team at Pradeo reported that although the researchers submitted their disclosure to Google Play, the malicious 2FA Authenticator app loaded with the banking trojan remained available for 15 days.
News URL
https://threatpost.com/2fa-app-banking-trojan-google-play/178077/