Promoted in the Play Store as an essential security application for accessing password-protected accounts with 2FA authentication codes, the grandly named application, 2FA Authenticator, functioned as a carrier for malware code that was downloaded directly from the internet and then used to sort victims, picking out the occasional ones that could be immediately preyed upon by hackers who are always “at the buttons”.
More than opportunistic malware spread to exploit the most obvious opportunities, which select themselves from a much larger number of infected devices, 2FA Authenticator started out in the Play Store as an alternative solution for generating two-step authentication codes. It was installed by inattentive users who searched directly for the keyword “2FA”, unaware of the existence of Google Authenticator, which is perfectly secure and equally free for all Android users. In other words, Google was betrayed by its own search engine, which was exploited to direct users looking for an absolutely essential security application to something else entirely.
Once installed, the 2FA Authenticator application initiates the download of an additional package from an attacker-controlled server, masking the operation as an essential update for the proper operation of the application. Installed outside Google’s control, the malware then goes on to scan the device for weaknesses that can be attacked immediately, for example the presence of a certain home banking application on a device in a geographical region where the hackers know both the spoken language and the most appropriate approach to facilitate the attack.
Once it had infiltrated the device, the malware proceeded to disable the device’s own security mechanisms. It then acted as a direct interface through which attackers could see the contents of the screen and interact directly with selected victims, maximizing the chances of obtaining login details and emptying bank accounts.
Although Google reacted immediately after the danger was pointed out by a security company called Pradeo, the 2FA Authenticator application and the malware it spread reached at least 10,000 Android devices, and the resulting damage could be considerable.