Multiple 2FA Apps Distributing Malware Discovered in App Store and Google Play

Recently, security experts have detected numerous 2FA applications developed to distribute malware on App Store and Google Play. Twitter recently announced that SMS-based two-factor authentication (2FA) is no longer secure enough. As a result, a change has occurred that requires certain users to switch to a different type of 2FA system. This change only affects users who select Twitter Blue, the platform’s premium service and purchase a verified Blue Badge to increase their access or tweet lengths
Figure 1: Twitter announcement about SMS-based two-factor authentication (2FA)
Figure 1: Twitter announcement about SMS-based two-factor authentication (2FA)
A valid solution to meet Twitter’s new security requirements is to use a special 2FA (Authenticator) application that generates a unique one-time code sequence. These applications simplify the process by eliminating the need for users to download and install any additional software. Security researchers have analyzed several Authenticator applications on App Store and Google Play following the change, revealing that some applications jeopardize user data and security.
Figure 2: Fake authenticator applications
Figure 2: Fake authenticator applications

Fake Applications on App Store and Google Play Have Subscription Plan Up-To $40

These applications are fake applications that resemble legitimate authentication applications and are designed to trick users into subscribing to a service that costs $40 a year. Some of the developers of these applications can obtain a code signing certificate by using the names of legitimate companies to make the applications appear legal and trustworthy.

The existence of these fake applications emphasizes the importance of careful evaluation when choosing an authentication application. Therefore, it is recommended to ensure the reliability of the used Authenticator applications and to pay attention to subscription payment requests and excessive advertising within the applications used in this context.

Share This: