Google nukes two-factor authenticator virus app


Google has removed a fraudulent two-factor authentication app from its Play Store after it was discovered to be stealing users’ financial information on Android smartphones.
The app, named 2FA Authenticator, was identified as a trojan-dropper because cybercriminals leverage it to install malware secretly.
This is according to researchers at Pradeo, the security firm that first identified the malicious application.
2FA Authenticator, which more than 10,000 Android users downloaded, initiated a two-stage attack once installed.
During the first stage, 2FA Authenticator requested critical permissions that it did not mention on its Google Play profile.
In combination with the code that the application executes, the permissions enabled it to send the user’s location and list of applications to the culprits, disable the keylock and associated password security, and download third-party applications.
In the second stage of the attack, 2FA Authenticator would attempt to install banking malware on the device.
These third-party applications were presented as software updates to the victims.
Pradeo said that the malicious application installs malware called Vultur.
The cyber security company describes Vultur as an “advanced and relatively new kind of malware that mostly targets online banking interfaces to steal users’ credentials and other critical financial information.”
The 2FA Authenticator application spent 15 days on the Play Store before Google removed it.
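The first-stage mismatch described above (permissions requested versus permissions disclosed on the store profile) can be checked mechanically. The following is an added example, not code from Pradeo or the article: it assumes the APK's manifest has already been decoded to text XML, and the permission-to-behaviour mapping, the sample manifest and the disclosed set are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from the behaviours the article describes to standard Android
# permission names; the article does not list the app's actual permissions.
CAPABILITY_PERMISSIONS = {
    "android.permission.ACCESS_FINE_LOCATION": "send user location",
    "android.permission.QUERY_ALL_PACKAGES": "list installed applications",
    "android.permission.DISABLE_KEYGUARD": "disable keylock",
    "android.permission.REQUEST_INSTALL_PACKAGES": "install third-party apps",
}

# Constructed sample manifest and store disclosure (not the real app's data).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.authenticator">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.DISABLE_KEYGUARD"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <uses-permission-sdk-23 android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <application android:label="Authenticator"/>
</manifest>"""
SAMPLE_DISCLOSED = {"android.permission.INTERNET"}

def requested_permissions(manifest_xml):
    """Return every permission name the decoded manifest requests."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for elem in root:
        if elem.tag in ("uses-permission", "uses-permission-sdk-23"):
            name = elem.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms

def audit(manifest_xml, disclosed):
    """List (permission, behaviour) pairs requested but not disclosed."""
    findings = []
    for perm in sorted(requested_permissions(manifest_xml) - set(disclosed)):
        capability = CAPABILITY_PERMISSIONS.get(perm, "undisclosed (unclassified)")
        findings.append((perm, capability))
    return findings

if __name__ == "__main__":
    for perm, capability in audit(SAMPLE_MANIFEST, SAMPLE_DISCLOSED):
        print(f"{perm}: {capability}")
```

For an authenticator app, any finding that maps to installing packages or disabling the keylock is a reason to block the app pending review.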