This app drops malware into your device that steals your banking information and grabs your money
The irony is clear. 2FA, also known as two-factor authentication, is used to validate your identity. Let’s say your bank wants to make sure that the person trying to speak to them about your account is you. So they send a text with a code number to your phone. Once you punch in the correct code number from the text, you have verified your identity as far as the bank sees it. However, the 2FA Authenticator app was used to install dangerous malware called Vultur on your handset.
Vultur is designed to target financial services apps so that it can steal users’ banking information and take their money. Pradeo suggests that if you have this app on your phone or tablet, delete it immediately. The Google Play team has been told about this discovery by Pradeo and 15 days later it was removed from the Google Play Store on January 27th.
Other dangerous permissions allow the malware to perform activities even when the app is shut off. One of the permissions the malware grants allows third-party apps to be installed under the guise of being an update. Another one disables the keylock and any associated password security, and yet another gives permission for SYSTEM_ALERT_WINDOW of which Google says, “Very few apps should use this permission; these windows are intended for system-level interaction with the user.”
We’re not your mom, but we do want to help you avoid getting ripped off by malicious apps. If you’re a loyal PhoneArena reader, you know that we constantly remind you that if you’re not familiar with the developer of an Android app that you’re about to install, look at the comments section in the Play Store for red flags. And sure enough, there is one for 2FA Authenticator.
Even though the app is no longer in the Play Store, it can still be on your phone
The Vultur malware that 2FA Authenticator “drops” into your phone will record every keystroke you make including invisible keystrokes such as passwords. We don’t have to tell you how dangerous this is. The unique package name is “com.privacy.account.safetyapp.” Just because the app has been removed from the Play Store doesn’t mean that it has been removed from your phone.
If 2FA Authenticator is listed, delete it.