Security firm says to delete this Android app immediately before it cleans out your bank account

If you have the 2FA Authenticator code generator app on your Android phone, delete it immediately says one research firm. The app contains malware that can rip you off.

Android, Apps

1/29/2022 9:42:00 AM

If you have the 2FA Authenticator code generator app on your Android phone, delete it immediately says one research firm. The app contains malware that can rip you off.

If you have the 2FA Authenticator code generator app on your Android phone, delete it immediately says one research firm. The app contains malware that can rip you off.

has discovered an app in the Google Play Store that was supposed to be used to help Android users feel safer online. Instead, the app turned out to be a"trojandropper" used by hackers to disseminate malware on consumers' mobile devices. The app, called 2FA Authenticator, was installed by over 10,000 users.

This app drops malware into your device that steals your banking information and grabs your moneyThe irony is clear. 2FA, also known as two-factor authentication, is used to validate your identity. Let's say your bank wants to make sure that the person trying to speak to them about your account is you. So they send a text with a code number to your phone. Once you punch in the correct code number from the text, you have verified your identity as far as the bank sees it. However, the 2FA Authenticator app was used to install dangerous malware called Vultur on your handset.

Read more: PhoneArena »

Cleveland city council members concerned about violence over Memorial Day weekend

Like many of us, city councilmen Michael Polensek and Joe Jones are fed up with the rise of violence in Cleveland. Read more >>

Kremlin offers frosty response to Blinken letter as world waits for Putin's next moveThe Kremlin has given its response to U.S. security proposals that were hand-delivered to Moscow on Wednesday, saying it believes Russian views had not been taken into account. Russia is so soft. Time to teach them a lesson they won’t forget. Drop the heaters on Moscow. I bet he loves the limelight. Boost to his ego. What would we expect from a man that will never give up power. History will not be kind to Putin. New Utility Income Breakdown in Blue… CEX, 40% Staking = 2% Rewards 20% Burn = 1% Burn 10% Winner (New) = 0.5% Draw 10% Donation = 0.5% Donation 10% Marketing = 0.5% Marketing 10% Dev = 0.5% Dev bluesparrow bluesparrowETH CEX NFT BlueSparrowETH BlueSparrowCommunity

Automotive Mobile Apps Continue To Frustrate Owners According To J.D. Power Study | CarscoopsAutomotive Mobile Apps Continue To Frustrate Owners According To J.D. Power Study | Carscoops carscoops

Wyze will discontinue its first camera on February 1st | EngadgetThe company says Wyze Cam v1 can't support a necessary security update.. WyzeCam I want my $30 back! Yi Home Cams are great. I have 4.

Here is the Spotify COVID content policy that lets Joe Rogan slideSpotify says it’s reviewed every Rogan episode and none 'meet the threshold for removal.' Wait so what’s the deal with Joe Rogan and Spotify, why is this topic so hot Having a long conversation with a scientist who's critical on the covid policies isn't misinformation just because you disagree with it. Have some integrity... Joe Rogan is a national treasure.

8 Things to Have An Upper Hand on Before Developing Your 1st Android App | HackerNoonLiving in a digital-only era, we use our phones while in the office, on the streets, in our cars, at home, while we’re eating, relaxing in the bed, and even while bathing. There are 99.9% chances that you might be reading this from your smartphone right now. Are you?

Dark Herring malware targeted over 105M android users in a app subscription fraud globallyA sophisticated new malware, dubbed Dark Herring, was discovered by mobile device security experts at Zimperium zLabs. The code aims to trick users to subscribe for a faux service and pay $15 through Direct Carrier Billing. According to the report, 105 million users were tricked into signing up for that subscription.

Pradeo has discovered an app in the Google Play Store that was supposed to be used to help Android users feel safer online. Instead, the app turned out to be a"trojandropper" used by hackers to disseminate malware on consumers' mobile devices. The app, called 2FA Authenticator, was installed by over 10,000 users. This app drops malware into your device that steals your banking information and grabs your money The irony is clear. 2FA, also known as two-factor authentication, is used to validate your identity. Let's say your bank wants to make sure that the person trying to speak to them about your account is you. So they send a text with a code number to your phone. Once you punch in the correct code number from the text, you have verified your identity as far as the bank sees it. However, the 2FA Authenticator app was used to install dangerous malware called Vultur on your handset. The malware adds permissions you didn't grant-those are on the right-to make it easier to steal your money Vultur is designed to target financial services apps so that it can steal users' banking information and take their money. Pradeo suggests that if you have this app on your phone or tablet, delete it immediately. The Google Play team has been told about this discovery by Pradeo and 15 days later it was removed from the Google Play Store on January 27th. It is bad enough that the 2FA Authenticator app asks for permission to take pictures and videos using the camera on your device, disable your screen lock, have full network access, run at startup, draw over other apps, and prevent your device from sleeping. Unbeknown to the device owner, the app secretly was granted other permissions including the ability to disable the keyboard, permission to access the internet and foreground services, permission to query all packages, permission to use biometrics, and use the victim's fingerprint. The latter two, which were the ability to use biometrics and the victim's fingerprint, might reveal how the app is able to break into a user's financial apps and accounts and steal the information that allows it to access the user's bank, other financial institutions, and rob him blind. Other dangerous permissions allow the malware to perform activities even when the app is shut off. One of the permissions the malware grants allows third-party apps to be installed under the guise of being an update. Another one disables the keylock and any associated password security, and yet another gives permission for SYSTEM_ALERT_WINDOW of which Google says,"Very few apps should use this permission; these windows are intended for system-level interaction with the user." We're not your mom, but we do want to help you avoid getting ripped off by malicious apps. If you're a loyal PhoneArena reader, you know that we constantly remind you that if you're not familiar with the developer of an Android app that you're about to install, look at the comments section in the Play Store for red flags. And sure enough, there is one for 2FA Authenticator. Written less than a week ago, the comment says"DO NOT DOWNLOAD THIS APP!!!" I Just downloaded it and it tried to force me to install some BS update off the internet as soon as I opened the app and when I closed the app it forced itself open again, and again, and again so I had to restart my phone to delete the app. Don't download it." What kind of phone owner would install an app after reading that comment about it? Even though the app is no longer in the Play Store, it can still be on your phone The Vultur malware that 2FA Authenticator"drops" into your phone will record every keystroke you make including invisible keystrokes such as passwords. We don't have to tell you how dangerous this is. The unique package name is"com.privacy.account.safetyapp." Just because the app has been removed from the Play Store doesn't mean that it has been removed from your phone. If this app is on your Android phone, delete it immediately To get rid of 2FA Authenticator (which you need to do immediately if you have it on your device) is to go to Check Settings > Apps and look for 2FA Authenticator or another suspicious app. Tap the three dots in the top right corner of the screen and select"Show system" because malicious apps sometimes park there. If 2FA Authenticator is listed, delete it. New reasons to get excited every week Get the most important news, reviews and deals in mobile tech delivered straight to your inbox sign up