Beware of Malicious 2FA Apps in the App Store and Google Play That Deploy Malware

Cybersecurity experts at Sophos recently detected multiple malicious 2FA apps in the App Store and Google Play that deploy malware.

Twitter recently announced that it no longer considers SMS-based two-factor authentication (2FA) to be sufficiently secure.

Users who have opted for Twitter’s premium service, Twitter Blue, and have purchased a verified badge to enhance their reach and tweet length are the ones who are most affected by this significant change.

In the case of pay-to-play users, they will still be able to receive their two-factor authentication codes by text messages (SMS).

The rest of the users must switch over to a different 2FA system within the next three weeks, before March 17, 2023. One viable solution to meet Twitter’s new security requirements is to use a specialized app that generates a unique sequence of one-time codes, derived cryptographically from a secret seed.

Alternatively, users can also use a physical hardware token, such as a Yubikey, which performs the cryptographic functions required to verify their identity.

Reliable 2FA Apps

For iPhone users, the built-in password manager within the iOS operating system can generate 2FA codes for a multitude of websites. This eliminates the need for users to download and install any additional software, making the process simple and hassle-free.

For Android users, Google provides its own authenticator application, aptly named Google Authenticator, which can be downloaded from the official Google Play store. 

This app can generate unique codes for 2FA authentication purposes, making it a viable and reliable solution for users who are seeking enhanced security measures with proper authenticity.

It is reasonable to assume that a significant number of users may have inquired about alternative authenticator applications available for download. This curiosity arises from the need to diversify their security measures and not solely depend on Apple or Google’s cybersecurity protocols.

Numerous reputable companies offer authenticator utilities that are free, reliable, and straightforward in functionality. These authenticator applications serve the sole purpose of providing 2FA codes without any additional fees or advertisements. 

This is particularly beneficial for users who prefer to use a 2FA app that is not from the same vendor as their operating system.

Malicious 2FA Apps

The issue at hand is the vast number of applications available that offer this service, which makes it challenging to determine their reliability and effectiveness. 

Adding to the complexity is the fact that these apps have gained endorsement and recognition for their quality through their inclusion in the official app stores of Apple and Google, which maintain strict security protocols.

Following the discontinuation of the SMS method of two-factor authentication by Twitter, experts analyzed several authenticator apps. 

When security analysts Tommy Mysk and Talal Haj Bakry investigated authenticator applications, their findings were both alarming and surprising.

The investigation uncovered information that was previously unknown to them, and it has raised concerns about the reliability and effectiveness of some authenticator applications. 

During their investigation, security analysts discovered multiple fraudulent applications that closely resemble legitimate authenticator applications. These applications are designed to deceive users into subscribing to a yearly service costing $40. 

The existence of these fraudulent applications highlights the importance of careful consideration when choosing an authenticator application, as it is crucial to ensure that it is from a reputable source.

They identified four authenticator applications that have almost identical binaries. This similarity suggests that these applications may have been developed by the same entity or group.

Furthermore, during the investigation, analysts also discovered an authenticator application that sends all scanned QR codes to the developer’s Google Analytics account, raising concerns about the security and privacy of user data.

Based on the investigation conducted by security analysts, it appears that imposter applications within this category attempt to persuade users to pay annual subscription fees ranging from $20 to $40.

However, it is worth noting that this amount is comparable to the cost of purchasing a reputable hardware 2FA token, which is likely to last several years and offer greater security.

During their search on the App Store, they encountered an application with a description that appeared to be poorly written and contained numerous grammatical errors. 

Interestingly, the application was developed by a company that used the name of a well-known Chinese mobile phone brand, which is likely an attempt to appear legitimate and trustworthy. 

It is surprising to note that the suspected fraudulent individuals were able to obtain an Apple code signing certificate using a name that they were not authorized to use.

The highest-ranked app that appeared in a search for 2FA apps on Google Play not only charges unnecessary fees but also takes the initial secrets of the accounts set up for 2FA without authorization.

Recommendation

A generated code is safe to use once because the seed cannot be reverse-engineered from it. The security of the scheme therefore depends on the seed always remaining a secret.

In order to verify that the user has provided a correct code that matches the time they are trying to log in, the service they are attempting to access requires a copy of their seed.
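The seed relationship described above, as an added example (not code from Sophos, the analysts, or any app mentioned here). It assumes the standard TOTP algorithm (RFC 6238) and the `otpauth://` URI that a setup QR code normally encodes; the sample URI is constructed from the RFC's published test key. It shows that the service, and anyone else holding the QR contents, derives exactly the same codes, which is why an app that forwards scanned QR codes or seeds undermines the scheme.

```python
import base64, hashlib, hmac, struct
from urllib.parse import urlparse, parse_qs

# Constructed sample: the seed is the published RFC 6238 test key
# "12345678901234567890"; issuer and account names are made up.
SAMPLE_URI = ("otpauth://totp/Example:alice"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example&digits=8")

def parse_otpauth(uri):
    """Pull the seed and parameters out of the text a setup QR code carries."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not a TOTP provisioning URI")
    q = parse_qs(u.query)
    b32 = q["secret"][0].upper()
    b32 += "=" * (-len(b32) % 8)  # restore padding that URIs usually omit
    return {"seed": base64.b32decode(b32),
            "digits": int(q.get("digits", ["6"])[0]),
            "period": int(q.get("period", ["30"])[0])}

def totp(seed, unix_time, digits=6, period=30):
    """RFC 6238: HMAC-SHA1 over the time-step counter, then truncate."""
    counter = struct.pack(">Q", int(unix_time) // period)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(seed, submitted, unix_time, digits=6, period=30, drift_steps=1):
    """Service side: recompute from its own copy of the seed, allowing
    one time step of clock drift either way."""
    for step in range(-drift_steps, drift_steps + 1):
        t = unix_time + step * period
        if t >= 0 and hmac.compare_digest(totp(seed, t, digits, period), submitted):
            return True
    return False

def code_from_uri(uri, unix_time):
    """Whoever holds the QR contents can do this, not just the user's phone."""
    p = parse_otpauth(uri)
    return totp(p["seed"], unix_time, p["digits"], p["period"])

if __name__ == "__main__":
    p = parse_otpauth(SAMPLE_URI)
    code = code_from_uri(SAMPLE_URI, 59)
    print("code at t=59:", code)
    print("accepted one step later:", verify(p["seed"], code, 89, p["digits"]))
    print("accepted much later:", verify(p["seed"], code, 1111111109, p["digits"]))
```

The code expires with its time step, but the seed does not; once a seed has left the device, the only remedy is to re-enroll 2FA on the account so the service issues a new one.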

After Twitter’s announcement, if you recently downloaded an authenticator app, it is recommended that you review your choice and ensure that you have selected a trustworthy app.

Things that you should check:

  • Forced into paying a subscription for it.
  • App is littered with ads.
  • App comes with larger-than-life marketing and glowing reviews yet comes from a company you’ve never heard of.
  • Having second thoughts and something doesn’t feel right about it.

When switching to a new authenticator app, it is important to remember that you will need to reset all 2FA seeds for all the accounts you have associated with the previous app.


Guru baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
