
2FA App Loaded with Banking Trojan Infests 10K Victims via Google Play
2022-01-27 20:59

The app, which is fully functional as a 2FA authenticator, comes loaded with the Vultur stealer malware that targets and swoops down on financial data.

Once downloaded, the app installs the Vultur banking trojan, which steals financial and banking data on the compromised device, but can do much more.

The scam 2FA authenticator also asks for device permissions beyond what was disclosed in the Google Play profile, the Pradeo team said.

Pradeo uncovered another dirty trick pulled by the malicious 2FA app: it grabs the SYSTEM_ALERT_WINDOW permission, which gives the app the ability to change other mobile apps' interfaces.

Once the device is fully compromised, the app installs Vultur, "An advanced and relatively new kind of malware that mostly targets online banking interface to steal users' credentials and other critical financial information," the report said.

The team at Pradeo reported that although the researchers submitted their disclosure to Google Play, the malicious 2FA Authenticator app loaded with the banking trojan remained available for 15 days.


News URL

https://threatpost.com/2fa-app-banking-trojan-google-play/178077/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 141 995 4921 2871 1623 10410