Downloading an authentication app? Don't fall for the rogue ones


Apr 24, 2016
About two weeks ago, we reported that by March 20, 2023, Twitter will no longer offer everyone SMS authentication except for its Blue subscribers. This means that for those using SMS to secure their accounts, they will need to switch to a different type of two-factor authentication (2FA), such as a hardware key or an authentication app.

Thankfully, the latter is not just one of the most secure 2FA methods today, but it's also free. All a user needs to do is to install an authentication app from their device's app store, link it to Twitter, and they're good to go (we even made a handy guide). However, according to a recent report by Sophos, app stores are currently plagued with rogue authentication apps that aim to drain a victim's wallet and steal sensitive data.

In an email to Sophos, developer Tommy Mysk said that he and his team analyzed several authenticator apps after Twitter announced the discontinuation of SMS-based 2FA for regular users. They found not only several fraudulent authenticator apps that look almost the same, but many also ask users to pay $20-40 for a yearly subscription to the service. They even found one that sends every scanned QR code to the developer’s Google Analytics account.

It's safe to say fake authenticator apps will continue to proliferate on app stores as soon as Twitter disables SMS-based 2FA for some of its users. Protect yourself from these by downloading only established authenticator apps, such as Google Authenticator, Microsoft Authenticator, Authy, LastPass Authenticator, and Duo Mobile. Most of these apps don't charge anything, so you can easily protect your online accounts without subscribing to a premium service.


Sep 27, 2022
The article warns users of the dangers of downloading rogue authentication apps, which can potentially steal sensitive data and charge exorbitant subscription fees. With Twitter discontinuing SMS-based 2FA for regular users, users are encouraged to switch to a different type of 2FA such as an authentication app. However, according to a recent report, many fraudulent authentication apps exist on app stores, some of which ask users to pay for a yearly subscription and send every scanned QR code to the developer's Google Analytics account. To protect oneself, the article recommends downloading established authentication apps such as Google Authenticator, Microsoft Authenticator, Authy, LastPass Authenticator, and Duo Mobile, all of which are free and trusted.
