Saturday, June 22, 2024

Beware of Malicious 2FA Apps in App Store and Google Play that Deploy Malware

Cybersecurity experts at Sophos recently detected multiple malicious 2FA apps in App Store and Google Play that deploy malware. 

Twitter recently announced that it no longer considers SMS-based two-factor authentication (2FA) to be sufficiently secure.

Users who have opted for Twitter’s premium service, Twitter Blue, and have purchased a verified badge to enhance their reach and tweet length are the ones who are most affected by this significant change.

Pay-to-play users will still be able to receive their two-factor authentication codes by text message (SMS).

Within the next three weeks, the rest of the users must switch over to a different 2FA system before March 17, 2023. One viable way to meet Twitter’s new security requirements is to use a specialized app that generates a sequence of one-time codes derived from a secret seed.

Alternatively, users can also use a physical hardware token, such as a Yubikey, which performs the cryptographic functions required to verify their identity.

Reliable 2FA Apps

For iPhone users, the built-in password manager within the iOS operating system can generate 2FA codes for a multitude of websites. This eliminates the need for users to download and install any additional software, making the process simple and hassle-free.

For Android users, Google provides its own authenticator application, aptly named Google Authenticator, which can be downloaded from the official Google Play store. 

This app generates unique codes for 2FA, making it a reliable choice for users who want stronger security from a source whose authenticity is not in doubt.

It is reasonable to assume that a significant number of users may have inquired about alternative authenticator applications available for download. This curiosity arises from the need to diversify their security measures and not solely depend on Apple or Google’s cybersecurity protocols.

Numerous reputable companies offer authenticator utilities that are free, reliable, and straightforward in functionality. These authenticator applications serve the sole purpose of providing 2FA codes without any additional fees or advertisements. 

This is particularly beneficial for users who prefer to use a 2FA app that is not from the same vendor as their operating system.

Malicious 2FA Apps

The issue at hand is the vast number of applications available that offer this service, which makes it challenging to determine their reliability and effectiveness. 

Adding to the complexity, inclusion in the official Apple and Google app stores, which maintain strict review processes, lends these apps an appearance of endorsement and quality.

Following the discontinuation of the SMS method of two-factor authentication by Twitter, experts analyzed several authenticator apps. 

When security analysts Tommy Mysk and Talal Haj Bakry investigated authenticator applications, their findings were both alarming and surprising.

The investigation uncovered behaviour that was previously unknown to them and has raised concerns about the reliability and trustworthiness of some authenticator applications.

During their investigation, security analysts discovered multiple fraudulent applications that closely resemble legitimate authenticator applications. These applications are designed to deceive users into subscribing to a yearly service costing $40. 

The existence of these fraudulent applications highlights the importance of careful consideration when choosing an authenticator application, as it is crucial to ensure that it is from a reputable source.

They identified four authenticator applications whose binaries are almost identical. This similarity suggests that these applications were developed by the same entity or group.

Furthermore, during the investigation, analysts also discovered an authenticator application that sends all scanned QR codes to the developer’s Google Analytics account, raising concerns about the security and privacy of user data.

Based on the investigation conducted by security analysts, it appears that imposter applications within this category attempt to persuade users to pay annual subscription fees ranging from $20 to $40.

However, it is worth noting that this amount is comparable to the cost of purchasing a reputable hardware 2FA token, which is likely to last several years and offer greater security.

During their search on the App Store, they encountered an application with a description that appeared to be poorly written and contained numerous grammatical errors. 

Interestingly, the application was developed by a company that used the name of a well-known Chinese mobile phone brand, which is likely an attempt to appear legitimate and trustworthy. 

It is surprising to note that the suspected fraudulent individuals were able to obtain an Apple code signing certificate using a name that they were not authorized to use.

The highest-ranked app that appeared in a search for 2FA apps on Google Play not only charges unnecessary fees but also captures, without authorization, the initial secrets (seeds) of the accounts set up for 2FA.

A generated one-time code is safe to use because the seed cannot be recovered from it; the seed itself, however, must always remain secret.

To verify that the code a user enters matches the time at which they are trying to log in, the service they are accessing must hold its own copy of that seed.

After Twitter’s announcement, if you recently downloaded an authenticator app, it is recommended that you review your choice and ensure that you have selected a trustworthy app.

Warning signs to check for:

  • You are forced into paying a subscription for it.
  • The app is littered with ads.
  • The app comes with larger-than-life marketing and glowing reviews, yet comes from a company you’ve never heard of.
  • You are having second thoughts and something doesn’t feel right about it.

When switching to a new authenticator app, it is important to remember that you will need to reset all 2FA seeds for all the accounts you have associated with the previous app.



Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
