Despite the myriad security measures, malware keeps finding new ways to infiltrate Android devices. The latest malware of this type comes in the form of an app called 2FA Authenticator. This app then installs a malware called “Vultur”.
Pradeo’s research team dubbed this a “trojan dropper,” where cybercriminals piggyback malware onto a seemingly harmless app. This particular malware can target users’ banking information and even steal funds from their accounts. Luckily, the app was removed from the Google Play Store on January 27th.
However, it is very likely that many users still have the app on their devices. If that’s the case, you should delete the app immediately to avoid possible theft. According to screenshots of the Play Store listing, the app had over 10,000 installs.
Android malware: Trojans also target biometric data
The app requests sensitive data, including biometric information such as fingerprints. A closer look at the permissions requested by the app makes it clear that it aims to trick users into sharing personal information. Some of the permissions requested by the app include full network access, run at startup, and disabling the screen lock or password. In addition, the app would be given permission to disable the keyboard, query all packets, and even use biometrics, including the user’s fingerprint data.
The app could also install third-party apps disguised as an update, making it almost impossible for unsuspecting users to tell anything is wrong. While users are advised never to download apps outside of the Play Store, if the malicious app is from Google’s official app store, there is not much they can do.
Last week, a new investigation by Zimperium uncovered a new malware called Dark Herring. This malware infiltrates victim’s device via SMS. Dark Herring also uses apps to get onto devices, some of which have been released on the Play Store. However, Google reacted quickly and has since removed all apps associated with Dark Herring.
The article Android malware “Vultur” can steal your bank data first appeared on schmidtisblog.de and was supplemented by CHIP authors with further information.