For most users, it is basic knowledge to open a double verification mechanism for their accounts. In addition to the double verification mechanism provided by Apple or Google, some users also choose to download third-party double verification applications to help make their personal information more secure.
But things may not be as good as you think.
Pradeo, a foreign information security company, found a malicious application called “2FA Authenticator” in the Google Play app store (the application was removed from the Google Play platform on January 27), which has been downloaded more than 10,000 times on the Google Play app store.
Pradeo researchers found that the malicious app contains a Trojan horse that hackers used to install malware on users’ mobile devices to steal their bank account information, and recommended that users who have downloaded the app should remove it as soon as possible.
According to Pradeo researchers, this is a “well-hidden” malicious application because it nominally makes the user’s mobile device look more secure, but in reality it puts your bank account information at risk.
For example, the app requires users to allow the app to open camera permissions on the device, disable your device’s screen lock, have full internet access, and override other apps to prevent your device from going to sleep.
To make matters worse, the app also steals other permissions from your device, including the ability to disable the keyboard, access to the web and foreground services, access to device biometrics (such as fingerprints), and more. Allowing the app to use the biometric features of your device is the most serious, as this is the easiest way for hackers to break into your bank account app.
If you want to make sure you are free of the 2FA Authenticator, the fastest way is to open your phone’s Settings and go directly to If you do find the app on your phone, then click “Uninstall” on the page.