Vultur malware is back on the Google Play Store

The dreaded Vultur malware has returned to the Google Play Store, via an application that seems unsuspected.

It is via the Pradeo blog that researchers have spotted the trace of Vultur, this malware well known to cybersecurity experts, capable of emptying your bank account when it infects an Android smartphone. Already spotted last year on the Play Store, the malware had since been discreet. It is clear that he had not really disappeared from circulation.

It’s from an application called 2FA Authenticator that the Vultur malware has this time found a way to crack down. Installed by more than 10,000 people, the software, which presents itself as a secure password manager, is in fact a formidable trojan-dropper. Once installed on a device, 2FA Authenticator will first ask the user for critical permissions, not specified on the product sheet of the software. Permissions that will then allow him to execute malicious code, capable of siphoning your bank account.

Hard to spot

All of Vultur’s strength lies in its discretion, but also in its well-honed mechanics. By giving access to the geolocation of the victim, the software will first allow hackers to carry out targeted attacks according to his country or his location. The software then takes care of deactivating the keyboard lock, then downloading third-party applications without the knowledge of its owner, claiming updates.

Once installed, the software will be able to run even when closed, making it particularly difficult to grasp. It will then allow itself a series of critical permissions related to the Android system, in order to scan in real time more than a hundred applications, including crypto wallets and banking software.

To avoid finding yourself in the nets of Vultur, we advise you first to uninstall the application in question if you ever had the misfortune to download it. The software may have been quickly removed from the Play Store, but caution is still in order.

Leave a Comment

Your email address will not be published.