Seems like Google Play cannot shave off its curse of hosting undetected malware apps. In a recent development, an authenticator app going by the name 2FA Authenticator remained under the radar for 15 days on the Play Store and more than 10,000 people downloaded the malicious app capable of stealing financial information. Now the app has been removed, and the cached description portrayed it as a secure authenticator with full-proof encryption and backups. The rogue app is a spin-off of the legitimate Aegis Authenticator; the developers of 2FA Authenticator copied the open-source code and inserted malicious code within.
The app identified by cyber security company Pradeo, also claimed to have support for HOTP and TOTP. This made the users believe it could import other authenticator protocols from apps including Google Authenticator, Microsoft Authenticator, and Authy.
This app managed to pass the Play Store’s security checks, and as soon as it
...Keep reading this article on Android Community.
