A banking trojan disguised as two-factor authentication software has been spreading on the official Google Play Store for more than two weeks. More than 10 thousand users have downloaded this application.

The app, apparently, really provides the declared functionality of 2FA authenticator. The problem is in that, with this program the user receives the Vultur malware, which tries to steal credentials.

Researchers at Pradeo recommend to remove the app named "2FA Authenticator" to anyone who had mistakenly downloaded it. The malware cannot only transfer logins and passwords to attackers, but it also requests additional permissions on the system for further destructive actions.

Once downloaded, the app installs Vultur banking trojan, the main task of which is to steal financial information. At the same time malware has much more features: intercepting the geolocation data of the victim, disabling password security on the device, downloading third-party dubious applications, and taking over control of the device.

Source: anti-malware.ru