date 2022-01-27

Once again a malicious application has sneaked into Google Play. This time it is 2FA Authenticator, an app that was available in the official Google store and was installed by more than 10,000 users.

The app is a Trojan, and it has been used to secretly install malware on users’ mobile devices.

The analysis was carried out by Pradeo, whose researchers verified that the app automatically installs malware called Vultur, which is designed to steal banking information.

Users who still have it on their phone should delete it immediately. Google has already removed it from Google Play, although it took 15 days to do so.

The app was presented as a way for users to improve the security of their devices. Its developers took the open source code of the official Aegis authentication app and added malicious code to it to steal data. It requested critical permissions that did not appear in its Google Play profile, something that often happens with apps of this type (if an app requests more permissions than normal, be suspicious).

The app directed users to a fake online banking interface, tricking those who thought it was real into entering their login details without suspicion.

What to do if you have already installed and deleted it

Ideally, clear the cache of all browsers. Be suspicious of interfaces that look fake, always use the banks’ official apps, and if you access your bank through a web address, check that the domain is the bank’s and is spelled correctly, to avoid falling into the trap. When in doubt, call your bank for more information.