Everyone is getting used to two-factor authentication. That's good, but it's still imperfect in that the bad guys are getting better at working around it. Even though SMS has been insecure for a long time, there is now known malware that will penetrate authenticator apps. You still need to be diligent and take good practices into account.
I think this is difficult for the average person because there are so many different ways that you can make an error. Consider using your phone in a simple way, and only use standard methods of installing apps or operating on the Web. When something different occurs, just don't do it. Wait until you can get to a trusted friend or someone who has some IT skills, and then ask them. There is rarely an emergency so urgent that we can't wait a little longer and dig a little deeper to figure out: is it really safe?
Reference: https://www.tomsguide.com/news/escobar-android-banking-trojan