A banking trojan disguised as a two-factor authentication app named 2FA Authenticator has been removed from the Google Play store after being available for 15 days. The app was fully functional, built with the open-source Aegis authentication code, and was downloaded more than 10,000 times before its removal. The malware bundled with the app is known as the Vultur stealer and has keylogging and screen-recording capabilities, which are used to capture banking login credentials from unsuspecting Android users. Additional malicious activity can be carried out by asking the device's user for further privileges, which could potentially open them up to various other threats. ThreatFabric, which is credited with the discovery of Vultur, commented: “The actors chose to steer away from the common HTML overlay strategy we usually see in other Android banking trojans: this approach usually requires more time and effort from the actors in order to steal relevant information from the user. Instead, they chose to simply record what is shown on the screen, effectively obtaining the same end result.”