Multi-factor Authentication – MFA – if you are unsure how this cyber security tool contributes to your security, then have a read of this:
If you do know how important MFA is, then you will realise that a fake MFA app would cyber security chaos. Of course, the threat actors have created a fake Google Authenticator and are distributing it via Google Ads.
Google ads push fake Google Authenticator site installing malware (bleepingcomputer.com)
These ads are using effective domain cloaking, so victims are unaware they are not visiting an authentic Google link. Eventually when the victim clicks on the link to download the “authenticator”, DeerStealer, an info-stealing malware that exfiltrates credentials, cookies, and various other information stored in their web browser.
Your Takeaway
Due diligence is needed when downloading an authenticator app – a key part of your organisation’s cyber security. Via an authenticated app store to a smartphone is a recommended way.
Clive Catton MSc (Cyber Security) – by-line and other articles