31. January 2022

This article has been indexed from

CySecurity News – Latest Information Security and Hacking Incidents

The Vultur trojan obtains bank credentials but then requests authorization to inflict even more damage later. 

A fraudulent two-factor authentication (2FA) software has been deleted from Google Play after being available for more than two weeks — but not before it was downloaded more than 10,000 times. The Vultur stealer malware, which targets and swoops down on financial information, is put into the app, which is completely functioning as a 2FA authenticator. 

Researchers at Pradeo warn users who have the malicious app, just named “2FA Authenticator,” to delete it straight away since they are still at risk — both from banking-login theft and other assaults made possible by the app’s broad over permissions. 

Using open-source Aegis authentication code combined with malicious add-ons, the threat actors constructed an operable and convincing app to mask the malware dropper. According to a Pradeo analysis issued, this enabled it to proliferate unnoticed via Google Play. 

“As a result, the application is successfully disguised as an authentication tool, which ensures it maintains a low profile,” the report added. 

The Vultur banking trojan is installed once the software is downloaded, and it harvests financial and banking data from the affected smartphone, among other things. The Vultur remote access trojan (RAT) malware, initi

[…]

Content was cut in order to protect the source.Please visit the source for the rest of the article.

Read the original article: