Android security app installed by thousands ends up being malware

A skull and crossbones against a red background of ones and zeroes displayed on a smartphone screen.
(Image credit: Aaban/Shutterstock)

Hot on the heels of yesterday's story about almost 500 Android apps in Google Play that were fleecing tens of millions of people out of their hard-earned money, there is — or was — another Android app in Google Play that tried to clean out its victims' online bank accounts.

The app was discovered by French mobile-security firm Pradeo and is called 2FA Authenticator. As its name implies, it disguises itself as a two-factor-authentication (2FA) code generator and is fully functional in that regard, as the code-generating bit of many authenticator apps is openly available and free to use.

Nevertheless, this app does nothing to improve your security. Rather, during installation it asks the user for permissions that are not stated in its Google Play profile, including the permission to install "updates" from the internet instead of receiving updates through Google Play.

Reaching out and touching you with malware

If you grant it that permission, then 2FA Authenticator reaches out to the internet and infects your phone with the Vultur banking Trojan, a particularly nasty piece of work that we first wrote about last July.

Vultur records everything that happens on your screen to capture what you type in, such as usernames and email addresses. It includes a keylogger to capture what's not visible when you type, such as passwords. It will send that information to its controllers, who can then use your login details to hijack your online bank accounts.

2FA Authenticator was available in the Google Play app store for at least 15 days and had been installed on at least 10,000 devices before it was removed yesterday (Jan. 27) after Pradeo informed Google of its presence.

Odds are that 2FA Authenticator is still available on "off-road" Android app stores, so be extremely wary if you get apps that way — the app's unique Android package name is "com.privacy.account.safetyapp".

How to get rid of 2FA Authenticator

Google can reach out and delete known malicious apps from users' phones if the apps were installed using Google Play, but it rarely does so. If you think you may have 2FA Authenticator or another known malicious app installed on your own phone, you'll probably need to get rid of it manually.

Check Settings > Apps (or App Management) to see if 2FA Authenticator or another suspicious app is listed. You may want to tap the three dots in the top right corner of the screen and select "Show system" because sometimes malicious apps hide there.

If there's a 2FA Authenticator listed, you can probably just go ahead and delete it, even though it might be a different app because many Android apps use the same or similar names. You can substitute a better-known authenticator app, such as Google Authenticator or Authy, instead.

Also, you should probably install one of the best Android antivirus apps on your phone. They do a better job than Google's built-in tools when it comes to catching malicious apps.

How to check if an installed Android app has been removed from Google Play

Even so, to make sure whether an app you have installed has been removed from Google Play, you'll need to look up its unique package name — something that looks like "com.foo.app" or, in this particular case, "com.privacy.account.safetyapp".

Android app package names are easily visible in the URL, or web address, of Google Play store pages when you look at them in a web browser. For example, if the URL is "https://play.google.com/store/apps/details?id=com.foo.app", then the package name is "com.foo.app".

Unfortunately, after the app has been installed on your phone or tablet, it's not so easy to tell what the package name of an Android app might be.

Your best bet is to open the Google Play app, tap your own Google avatar in the upper right corner, then select "Manage apps and device."

On the next screen, tap the Manage tab to see all your installed apps. Tap the three uneven lines on the right side of the screen to sort them by name. Find the app that you're curious about and tap it.

A page for the app itself will open in the Google Play app, but that doesn't necessarily mean the app is in the online Google Play store. It just means the app is installed on your device.

Tap the three stacked dots in the upper right corner and select Share. A card will slide out listing a partial URL, which is for the app's Google Play store listing page when you installed the app. Tap the nested-squares icon next to it to copy the URL.

Then open a new tab in a web browser, paste the URL into the address bar and tap the Go arrow at the bottom of the screen. (If you just want the package name, paste the URL into a text file or even a new email message.)

If your browser returns a regular Google Play app-listing page, then the app is still in Google Play and it's probably safe to use.

But if you get a mostly blank page with a message stating that "We're sorry, the requested URL was not found on this server," then the app has been removed from Google Play.

You should probably consider uninstalling an app that's no longer in Google Play, especially if its package name matches that of a known malicious app such as com.privacy.account.safetyapp.

The exceptions are for apps that you know were removed from Google Play for other reasons, such as because of a copyright dispute or a violation of Google's terms of service.
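The lookup described above can be scripted for a batch of shared listing URLs. The following is an added example, not code from the original article: it extracts the package name from the `id=` parameter, flags the package named in this story, and treats a "not found" listing as removed. The function names and the assumption that a removed listing answers with HTTP 404 are illustrative.

```python
from urllib.parse import urlparse, parse_qs
from urllib.request import urlopen
from urllib.error import HTTPError

PLAY_LISTING = "https://play.google.com/store/apps/details?id={}"
KNOWN_MALICIOUS = {"com.privacy.account.safetyapp"}  # package named in the article


def package_from_play_url(url):
    """Return the package name from a Google Play listing URL, or None."""
    parts = urlparse(url.strip())
    # Exact host match, so look-alike hosts such as play.google.com.evil.example fail.
    if parts.hostname != "play.google.com" or parts.path != "/store/apps/details":
        return None
    ids = parse_qs(parts.query).get("id", [])
    return ids[0] if len(ids) == 1 and ids[0] else None


def listing_status(package):
    """Fetch the listing page and return its HTTP status (needs network access)."""
    try:
        with urlopen(PLAY_LISTING.format(package), timeout=10) as resp:
            return resp.status
    except HTTPError as err:
        return err.code


def triage(shared_urls, fetch_status=listing_status):
    """Map each shared URL to a verdict; fetch_status is injectable for offline use."""
    verdicts = {}
    for url in shared_urls:
        package = package_from_play_url(url)
        if package is None:
            verdicts[url] = "not a Play listing URL"
        elif package in KNOWN_MALICIOUS:
            verdicts[url] = "known malicious: uninstall"
        elif fetch_status(package) == 404:  # assumption: removed listings return 404
            verdicts[url] = "removed from Google Play: review"
        else:
            verdicts[url] = "still listed"
    return verdicts


if __name__ == "__main__":
    # Constructed sample: stubbed statuses so the demo runs offline.
    stub = {"com.foo.app": 200, "com.example.gone": 404}
    names = ("com.foo.app", "com.example.gone", "com.privacy.account.safetyapp")
    for url, verdict in triage([PLAY_LISTING.format(n) for n in names],
                               lambda p: stub.get(p, 200)).items():
        print(verdict, url)
```

A "removed" verdict is a prompt to review the app, since the article notes that listings also disappear for copyright or terms-of-service reasons.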

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Source: https://www.tomsguide.com/news/fake-2fa-app-vultur-android-malware

Posted by: colemanthibust.blogspot.com
