YouTube player

Android device owners beware. There is a malicious app from the Google Play store that may be assessing your personal banking information. The app is the “Todo: Day Manager” and has over 1,000 downloads. The app is designed to hijack your login info from your banking apps and can even read your sms messages to intercept your 2FA verification code. The malware also has good persistence. Upon installation, it asks the user for access permissions. Once provided, it adds itself as a device admin and prevents users from disabling Device Admin, making it uninstallable from the phone. The only way to recover is to do a factory reset and pray that you have a recent backup.

This segment was created for the It’s 5:05 podcast