A Trojanized 2FA authenticator app has been removed from the Google Play Store.
The app, 2FA Authenticator, was discovered by the Pradeo security team.
According to a cached version of the app’s page on Google Play, the developer said the software provided a “secure authenticator for your online services, while also including some features missing in existing authenticator apps, like proper encryption and backups.”
In addition, the app claimed to support HOTP and TOTP, and was marketed as a way to import other authenticator protocols – including Authy, Google Authenticator, Microsoft Authenticator, and Steam – and host them in one place.
During its time on Google Play, the app was downloaded and installed over 10,000 times.
However, the app was less about protecting your data and more about stealing it. According to Pradeo, upon installation, the app would act as a dropper for malware designed to steal financial information.
“It has been developed to look legitimate and provide a real service,” the researchers say. “To do so, its developers used the open-source code of the official Aegis authentication application to which they injected malicious code. As a result, the application is successfully disguised as an authentication tool which ensures it