Wani app da ake kira 2FA Authenticator kwanan nan ya bayyana a cikin Shagon Google Play, yana yin alƙawarin "amintaccen tabbaci don ayyukan ku na kan layi," yayin da yake alfahari da wasu abubuwan da aka ce sun ɓace daga ƙa'idodin tabbatarwa da ke akwai, kamar ɓoye bayanan da suka dace ko adanawa. Matsalar ita ce tana ɗauke da trojan banki mai haɗari. Pradeo, wani kamfanin tsaro na yanar gizo, ya gano haka.
Kazalika app din ya yi kokarin gamsar da masu amfani da shi cewa zai iya shigo da ka’idojin tantance wasu manhajoji guda biyu, wato Authy, Google Authenticator, Microsoft Authenticator, da Steam, da karbar bakuncinsu wuri guda. Hakanan ya ba da tallafi ga HOTP (maɓallin kalmar sirri na lokaci ɗaya na hash) da TOTP (maɓallin kalmar sirri na lokaci ɗaya) algorithms.
Koyaya, a zahiri, 2FA Authenticator ba a yi niyya don kare bayanan mai amfani ba, sai dai ya sata. A cewar ƙwararrun Pradeo, aikace-aikacen yana aiki azaman abin da ake kira dropper don malware wanda aka tsara don satar bayanan kuɗi. Ya ƙunshi buɗaɗɗen lambar tushe na aikace-aikacen Aegis Authenticator wanda ya kamu da malware.
Bayan app ɗin ya sami izinin da ake buƙata daga mai amfani, yana shigar da Vultur malware akan na'urarsu, wanda zai iya amfani da rikodin allo da rikodin hulɗar maɓalli don gano kalmomin shiga ta banki ta wayar hannu da shigar da sabis na kuɗi (ciki har da dandamalin ajiya na cryptocurrency).
An riga an cire app ɗin daga Shagon Google. Koyaya, a cikin kwanaki 15 yana samuwa a wurin, an yi rikodin abubuwan saukarwa sama da 10. Idan kana daya daga cikin wadanda suke da ita a wayar ka, ka goge ta nan da nan kuma ka canza duk mahimman kalmomin shiga don samun aminci.
Kuna iya sha'awar
