The cybersecurity firm Pradeo has presented a new malware present in the Android universe that could harm the finances of users. It’s called 2FA Authenticator, and contrary to what its name suggests, it exists to harm everyone who installed it.
This application was distributed by Play Store, the official Google application store for Android. It is classified by the company as a trojan dropper primarily aimed at financial applications.
2FA Authenticator is the application that you should already uninstall from your Android smartphone
According to data released by Pradeo, this application has more than 10,000 installations. although we already know malware with greater influence than this, it is worrying to realize that it has reached such a dimension.
Once installed on the smartphone, 2FA Authenticator autonomously installs a malware called Vulture. Its objective is to collect as much as possible from the bank accounts of affected users.
Once again, the permissions requested by the app are a clear warning of its intentions. In fact, 2FA Authenticator asks for authorization to access the smartphone’s camera, disable the lock screen, complete Internet network access, run at system startup, kill other apps, and prevent device hibernation.
Vultur wants to access your fingerprints
Even more alarming is the request for access to the user’s biometric data. Strictly speaking, this app wants authorization to access the fingerprint data of the owner of that smartphone.
It is precisely with this information that Vultur is able to carry out its malicious intentions and embezzle money. Biometric data is information that is typically required by financial applications to access and authorize transactions.
Another relevant action of this new malware it is your ability to perform activities even with the app turned off. In other words, it manages to install other apps on the smartphone disguised as updates to trick users.
To do this, the application requires authorization to access the SYSTEM_ALERT_WINDOW permission. According to Google, this is a permission that very few applications can use since it is a mechanism that is used at the system level.
2FA Authenticator is already removed from the Play Store, but not from your smartphone
As soon as Pradeo discovered this threat, Google was immediately notified to proceed with its removal from the Play Store. This is dictated by the best practices in the cybersecurity universe, with the American company making this app disappear from its store on January 27.
However, all users who installed it before that date will continue to have it on their smartphone, unless they manually remove it. In fact, check if you already have this app on your device.
As for preventive measures for this phenomenon, reading the comments of the application is an excellent filter. It is usually enough for us to notice that something is wrong with an application and thus avoid installing it.