
Did You Install This Malicious Android 2FA Authenticator App?

Over 10,000 Google Play Store users downloaded an app that steals banking credentials.

Matthew Humphries, Former Senior Editor


Google got a wake-up call this week regarding Google Play Store security after a malicious Android app remained available to download for 15 days. During that time, over 10,000 people installed the app thinking it was a legitimate two-factor authentication solution.

As ZDNet reports, cyber security company Pradeo discovered the malicious app, which is called 2FA Authenticator. The Google Play Store page for the app (which thankfully is no longer available) described it as "a secure authenticator for your online services, while also including some features missing in existing authenticator apps, like proper encryption and backups." However, that was just a front for the app's real goal: stealing your financial information.

There's a legitimate app called Aegis Authenticator, which offers to manage your two-step verification tokens. It's free and open source, so the developers of 2FA Authenticator decided to take full advantage. They copied the open source code used for Aegis and injected malicious code into it. The end result is an app capable of passing Google's Play Store security checks, but which could turn malicious once installed on a user's Android phone or tablet.

Upon installation, the app requests "critical permissions" on the device, which allow it to perform a number of tasks: disabling keylock and password security, downloading third-party apps and updates, continuing to work in the background even after the user exits the app, and placing an overlay on other apps' interfaces. That's in addition to having access to a user's data.
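A defender can screen for this combination of capabilities before an app is approved for managed devices. The following is an added example, not code from the article, Pradeo, or Aegis: it assumes a manifest already decoded to text XML, and the mapping from the capabilities above to Android permission names, the 3-of-4 threshold, and the sample package names are all assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping: capability named in the article -> standard Android permission.
RISKY = {
    "android.permission.DISABLE_KEYGUARD": "disable keylock and password security",
    "android.permission.REQUEST_INSTALL_PACKAGES": "install third-party apps and updates",
    "android.permission.FOREGROUND_SERVICE": "keep running after the user exits",
    "android.permission.SYSTEM_ALERT_WINDOW": "draw overlays on other apps",
}

def manifest(package, perms):
    """Build a constructed sample manifest (not taken from any real app)."""
    uses = "".join(f'<uses-permission android:name="{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}</manifest>')

# Constructed samples: one requests the whole risky set, one does not.
SUSPECT = manifest("com.example.authenticator.sample",
                   list(RISKY) + ["android.permission.CAMERA"])
BENIGN = manifest("com.example.otp.sample",
                  ["android.permission.CAMERA", "android.permission.USE_BIOMETRIC"])

def requested_permissions(root):
    """Collect every permission name declared in the manifest."""
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return perms

def audit(manifest_xml, threshold=3):
    """Flag a manifest that requests `threshold` or more of the RISKY set."""
    root = ET.fromstring(manifest_xml)
    hits = sorted(requested_permissions(root) & set(RISKY))
    return {"package": root.get("package"),
            "hits": {p: RISKY[p] for p in hits},
            "flagged": len(hits) >= threshold}

if __name__ == "__main__":
    for sample in (SUSPECT, BENIGN):
        result = audit(sample)
        print(result["package"], "FLAGGED" if result["flagged"] else "ok")
        for perm, why in result["hits"].items():
            print(f"  {perm}: {why}")
```

A flag here is a prompt for manual review rather than a verdict, since legitimate apps can request any one of these permissions on its own.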

If 2FA Authenticator finds that a device meets several conditions, a Remote Access Trojan (RAT) called Vultur is downloaded and installed without the knowledge of the user. Vultur uses screen recording and keylogging to record the details entered into banking apps, allowing the criminals behind this app to empty bank accounts or cryptocurrency wallets.

If this is an app you've installed, the advice is clear: uninstall it immediately and contact any financial/banking services you access through your Android device to ensure your accounts haven't been compromised.
