{"id":45047,"date":"2022-01-28T14:25:31","date_gmt":"2022-01-28T14:25:31","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/33053\/2FA-App-With-10-000-Google-Play-Downloads-Loaded-Well-Known-Banking-Trojan.html"},"modified":"2022-01-28T14:25:31","modified_gmt":"2022-01-28T14:25:31","slug":"2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan\/","title":{"rendered":"2FA App With 10,000 Google Play Downloads Loaded Well-Known Banking Trojan"},"content":{"rendered":"<figure class=\"intro-image intro-left\"> <img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2022\/01\/2fa-app-800x527.jpeg\" alt=\"2FA app with 10,000 Google Play downloads loaded well-known banking trojan\"><figcaption class=\"caption\">\n<div class=\"caption-credit\">Getty Images<\/div>\n<\/figcaption><\/figure>\n<aside id=\"social-left\" class=\"social-left\" aria-label=\"Read the comments or share this article\"> <a title=\"70 posters participating\" class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/information-technology\/2022\/01\/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan\/?comments=1\"> <\/p>\n<h4 class=\"comment-count-before\">reader comments<\/h4>\n<p> <span class=\"comment-count-number\">100<\/span> <span class=\"visually-hidden\"> with 70 posters participating<\/span> <\/a> <\/p>\n<div class=\"share-links\">\n<h4>Share this story<\/h4>\n<\/p><\/div>\n<\/aside>\n<p> <!-- cache hit 66:single\/related:c3e21770264987116b31587708147681 --><!-- empty --><\/p>\n<p>A fake two-factor-authentication app that has been downloaded some 10,000 times from Google Play surreptitiously installed a known banking-fraud trojan that scoured infected phones for financial data and other personal information, security firm Pradeo said.<\/p>\n<p>2FA Authenticator <a href=\"https:\/\/play.google.com\/store\/apps\/details?id=com.privacy.account.safetyapp\">went live on Google Play<\/a> two weeks ago, posing as an alternative to legitimate 2FA apps from <a href=\"https:\/\/play.google.com\/store\/apps\/details?id=com.google.android.apps.authenticator2&amp;hl=en_US&amp;gl=US\">Google<\/a>, <a href=\"https:\/\/www.twilio.com\/authy\">Twilio<\/a>, and other trusted companies. In fact, researchers from security firm Pradeo <a href=\"https:\/\/blog.pradeo.com\/vultur-malware-dropper-google-play\">said on Thursday<\/a>, the app steals personal data from user devices and uses it to determine whether infected phones should download and install a banking trojan already known to have infected thousands of phones in the past.<\/p>\n<h2>The vulturs are circling<\/h2>\n<p><a href=\"https:\/\/arstechnica.com\/gadgets\/2021\/07\/new-bank-fraud-malware-called-vultur-infects-thousands-of-devices\/\">Discovered last year<\/a> by security firm ThreatFabric, Vultur is an advanced piece of Android malware. One of its many innovations is its use of a real implementation of the VNC screen-sharing application to mirror screens of infected devices so attackers can glean in real time the login credentials and other sensitive data from banking and finance apps.<\/p>\n<p>To make 2FA Authenticator look real, its developers started with <a href=\"https:\/\/github.com\/beemdevelopment\/Aegis\">this legitimate sample<\/a> of the open source Aegis authentication application. An analysis of the malware shows that it really was programmed to provide the authentication service it advertised.<\/p>\n<p>Behind the scenes, however, stage one of the 2FA Authenticator collected a list of apps installed on the device along with the device\u2019s geographic location. The app would also disable the Android lock screen, download third-party apps with the pretense they were \u201cupdates,\u201d and overlay other mobile app interfaces to confuse users.<\/p>\n<aside class=\"ad_wrapper\" aria-label=\"In Content advertisement\"> <span class=\"ad_notice\">Advertisement <\/span> <\/aside>\n<p>In the event infected phones were in the right locations and had the right apps installed, stage two of 2FA Authenticator would install Vultur, which at last check was programmed to record Android device screens when any of 103 banking, financial, or cryptocurrency apps are running in the foreground.<\/p>\n<p>Pradeo said that 2FA Authenticator went live on January 12, that company researchers notified Google that the app was malicious on January 26, and that Google removed it about 12 hours later. Over the two weeks it was available in Play, the app was installed by about 10,000 users. It\u2019s not clear if Google has notified any of them that the security app they thought they were getting was, in fact, a banking-fraud trojan.<\/p>\n<p>In retrospect, there were red flags that experienced Android users could have spotted that 2FA Authenticator was malicious. Chief among them were the extraordinary number and breadth of system permissions it required. They included:<\/p>\n<ul>\n<li>android.permission.QUERY_ALL_PACKAGES<\/li>\n<li>android.permission.SYSTEM_ALERT_WINDOW<\/li>\n<li>android.permission.REQUEST_INSTALL_PACKAGES<\/li>\n<li>android.permission.INTERNET<\/li>\n<li>android.permission.FOREGROUND_SERVICE<\/li>\n<li>android.permission.RECEIVE_BOOT_COMPLETED<\/li>\n<li>android.permission.DISABLE_KEYGUARD<\/li>\n<li>android.permission.WAKE_LOCK<\/li>\n<\/ul>\n<p>The official Aegis open source app code requires none of these permissions. App downloads posing as updates might be another telltale sign that something was amiss with 2FA Authenticator.<\/p>\n<figure class=\"image shortcode-img center large\"><img loading=\"lazy\" decoding=\"async\" alt=\"A review of 2FA Authenticator from one Google Play user.\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2022\/01\/2fa-authenticator-review-640x162.png\" width=\"640\" height=\"162\"><figcaption class=\"caption\">\n<div class=\"caption-text\">A review of 2FA Authenticator from one Google Play user.<\/div>\n<\/figcaption><\/figure>\n<p>An email seeking comment from the developer address listed in the Google Play listing didn\u2019t receive an immediate response. The same malicious 2FA Authenticator app remains available in third-party marketplaces <a href=\"https:\/\/apkpure.com\/es\/2fa-authenticator\/com.privacy.account.safetyapp\">here<\/a>, <a href=\"https:\/\/apkplz.net\/app\/com.privacy.account.safetyapp\">here<\/a>, and&nbsp;<a href=\"https:\/\/apktada.com\/app\/com.privacy.account.safetyapp\">here<\/a>. Google representatives weren\u2019t immediately available for comment.<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/33053\/2FA-App-With-10-000-Google-Play-Downloads-Loaded-Well-Known-Banking-Trojan.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":45048,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[9845],"class_list":["post-45047","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinemalwarebankphonetrojancybercrimefraudgooglebackdoor"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>2FA App With 10,000 Google Play Downloads Loaded Well-Known Banking Trojan 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"2FA App With 10,000 Google Play Downloads Loaded Well-Known Banking Trojan 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-01-28T14:25:31+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2022\/01\/2fa-app-800x527.jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"2FA App With 10,000 Google Play Downloads Loaded Well-Known Banking Trojan\",\"datePublished\":\"2022-01-28T14:25:31+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan\\\/\"},\"wordCount\":550,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan.jpg\",\"keywords\":[\"headline,malware,bank,phone,trojan,cybercrime,fraud,google,backdoor\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan\\\/\",\"name\":\"2FA App With 10,000 Google Play Downloads Loaded Well-Known Banking Trojan 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan.jpg\",\"datePublished\":\"2022-01-28T14:25:31+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan.jpg\",\"width\":800,\"height\":527},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,malware,bank,phone,trojan,cybercrime,fraud,google,backdoor\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinemalwarebankphonetrojancybercrimefraudgooglebackdoor\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"2FA App With 10,000 Google Play Downloads Loaded Well-Known Banking Trojan\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"2FA App With 10,000 Google Play Downloads Loaded Well-Known Banking Trojan 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan\/","og_locale":"en_US","og_type":"article","og_title":"2FA App With 10,000 Google Play Downloads Loaded Well-Known Banking Trojan 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-01-28T14:25:31+00:00","og_image":[{"url":"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2022\/01\/2fa-app-800x527.jpeg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"2FA App With 10,000 Google Play Downloads Loaded Well-Known Banking Trojan","datePublished":"2022-01-28T14:25:31+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan\/"},"wordCount":550,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/01\/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan.jpg","keywords":["headline,malware,bank,phone,trojan,cybercrime,fraud,google,backdoor"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan\/","url":"https:\/\/www.threatshub.org\/blog\/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan\/","name":"2FA App With 10,000 Google Play Downloads Loaded Well-Known Banking Trojan 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/01\/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan.jpg","datePublished":"2022-01-28T14:25:31+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/01\/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/01\/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan.jpg","width":800,"height":527},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/2fa-app-with-10000-google-play-downloads-loaded-well-known-banking-trojan\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,malware,bank,phone,trojan,cybercrime,fraud,google,backdoor","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinemalwarebankphonetrojancybercrimefraudgooglebackdoor\/"},{"@type":"ListItem","position":3,"name":"2FA App With 10,000 Google Play Downloads Loaded Well-Known Banking Trojan"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/45047","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=45047"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/45047\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/45048"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=45047"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=45047"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=45047"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}