One solution to securing your online accounts is to use two-factor authentication (2FA). It places an extra layer of security on top of your login process, making it harder for criminals to hack. Tap or click here for iPhone security settings to change right now.
But 2FA codes sent through a text message or email can be intercepted by hijackers or scammers, who will then have access to your account. An authenticator is a separate application that provides a one-time PIN or phrase to authorize your login.
But what happens when the authenticator itself has been compromised? Read on to see how one popular authenticator app is being spoofed to rip people off.
Here’s the backstory
There are authenticator apps from Big Tech companies like Microsoft and Google. At the same time, Facebook uses a built-in code generator for 2FA. But an account isn’t limited to just one authentication method.
A popular choice for iOS users is the Authenticator App by 2Stable, which generates 2FA tokens for your online accounts. Creator Kevin Archer was doing routine maintenance recently and noticed something peculiar.
He discovered that another application copied his app’s description in the Apple App Store and seemed to be a clone or copycat. The spoofed app’s developer asks for an App Store review immediately after downloading, which is against App Store rules.
Why would anybody copy the app? To make money, of course. And that is precisely what’s happening here, as the fake app charges $3.99 a week. The blatant cloning and asking for a review left Archer questioning the App Store review process.
I really don't understand how these apps pass the App Store review with features that don't work, with a copied design, with forcing users to review their app before even seeing it, and of course with a weekly subscription.— Kevin Archer (@IM_Kevin_Archer) February 19, 2022
How to get the real Authenticator App for Apple devices
One way to stay protected is by only downloading apps from official app stores. But when the app store’s review process fails, it creates many problems for developers and users. The actual Authenticator by 2Stable app can be found here, and any others are fake.
Here are some other things you can do to stay safe:
- Ensure that you are downloading the real version of apps by checking all the details on the description page. Check that the correct developer is listed and that there are no spelling errors in the description.
- Read app reviews to see if users have complained about the authenticity. Also, pay attention to the rating. If it is three stars or below, proceed with caution.
Don’t make this mistake using 2FA – Your texts could be hijacked
7 essential Android security settings: 2FA, spot shady apps, stop location tracking