A malicious app on the Google Play Store automatically installed malware called Vultur which targets financial services to steal users’ banking information. Infected “2FA Authenticator” was removed from the store after 15 days during which more than 10000 users have downloaded it. Quote strange is that the app required much more permissions than its main functionality would suggest and was published via Play Store without.
more:
https://blog.pradeo.com/vultur-malware-dropper-google-play
Recommendations
Developer:
Check your device.QA engineer:
Check your device.PM/DM:
Check your device.