Dangerous Authenticator Apps

Sankt-Petersburg, Russia, February 3, 2019: Google authenticator application icon on Apple iPhone X smartphone screen close-up. Google Authenticator app icon. Social network. Social media icon

Two-factor authentication is one of the most secure ways to protect one’s accounts from unauthorized access. Hackers and data spies are excluded by 2FA. But where security is supposed to be guaranteed, there are of course also the tricks of cybercriminals who use this desire for security for themselves. At the moment, they particularly like to do this with dangerous authenticator apps.

How can you recognize dangerous Authenticator apps?

Authenticator apps are becoming more and more popular. As recently as March 2023, Twitter announced that they will charge for their own Authenticator service in the future. Two-factor authentication via SMS is then to be reserved for paying users only.

Naturally, this has caused numerous users to look for an alternative for their Twitter accounts. This, in turn, is attracting cybercriminals who want to use this for their own purposes.

So far, iPhones and the Apple App Store have been particularly affected. A large number of questionable apps can be found there, which pretend to be genuine authenticator apps. They even use the well-known names of secure apps and supposedly offer them for free.

This way, the “fake” apps are better found via search. So the dangerous authenticator apps end up right at the top of the search. Often, they are also clickable via advertising banners or land as prominent hits in the supposedly safe environment of the search results.

So pay close attention to what you click on and how these apps have gained their high status in the search results.

This is what the dangerous Authenticator apps are after

In most cases, the apps are disguised subscription traps. As a rule, they do not offer what they advertise. Instead, they are out to get users to sign up for a subscription.

Of course, these subscriptions are anything but cheap and do not offer any added value. They are simply subscription traps.

Moreover, they are set up in such a way that they cannot be closed easily. Instead, closing the subscription notice opens a payment release and a quick, careless click, can directly conclude the subscription.

In addition, however, at least one dangerous authenticator app was found to share scanned QR codes with third parties. The assumption that other data is not safe either is obvious.

In the future, these apps will probably go even further. Hackers always have new ideas on how they can use disguised apps to grab data or cause other damage.

This is why Apple does not react

Normally, you would think that Apple would take action against such fraud in their own App Store. However, it is relatively difficult in this case.

Despite numerous complaints from the victims of these spy apps, Apple has given the spy apps the nod for now. Or rather, they are having trouble tracking down the scammers.

A working app project is used to feed the apps into the Apple Store. Using this template, new apps can be created over and over again with new names, icons and descriptions.

The apps are then uploaded via different developer accounts. This makes it almost impossible to detect the scam.

All apps uploaded to the App Store have to go through a review process. However, the apps themselves are disguised and built in such a way that the scam is not noticed during this verification process. So the scammers have found a perfect scam to get their scam apps into the store.

Presumably, Apple will catch on to the whole thing sooner or later. But we know that cybercrime never sleeps, so it’s only a matter of time before the next scam pops up.


Twitter’s announcement about charging for its 2FA method is not only making waves among disgruntled Twitter users. Cybercriminals are also using this announcement for their own purposes.

At the moment, it’s mainly dangerous authenticator apps in the Apple App Store that you should watch out for. So don’t just blindly download something, but find out exactly where the app comes from beforehand.