Monday, July 6, 09:49 p.m.

Android malware steals Google Authenticator 2FA codes

Security researchers have found that an Android malware strain can steal the one-time passwords (OTPs) produced by Google Authenticator. Google Authenticator is a mobile application that provides two-factor authentication (2FA) for various online accounts.

Google launched the Authenticator app in 2010. The app generates six-digit or eight-digit unique codes that users enter into sign-in forms to gain access to online accounts.

Google Authenticator was released as an alternative to SMS-based access codes. Because Google Authenticator generates the passwords on the smartphone, the codes are not transferred over unsecured mobile networks. Accounts that use Authenticator codes as 2FA are therefore considered better protected than those that rely on SMS-based codes.

However, the research team of the Dutch security company ThreatFabric found that the Android malware Cerberus has acquired the ability to steal the OTP codes generated by Authenticator. Cerberus is a relatively new Android banking trojan that first appeared in June 2019.

“By abusing access rights, Android malware can now steal 2FA codes from Google Authenticator,” said the ThreatFabric team.

"When the [Authenticator] application runs, the Trojan can take the contents of the interface and send it to a command-and-control server," they added.

According to the researchers, the new version of Cerberus, which includes this feature, is not yet being sold on hacking forums.

“We believe this Cerberus variant is still in the trial phase, but it may be released soon,” the researchers said.

Bypassing 2FA to access bank accounts

ThreatFabric researchers pointed out that current versions of the Android malware Cerberus are already very advanced. They include many of the features found in remote access trojans (RATs), which are a superior category of malware.

These RAT features allow Cerberus operators to connect remotely to an infected device, use the victim's banking credentials to access bank accounts, and then use the Authenticator's OTP codes to bypass 2FA, if it is enabled.

ThreatFabric researchers believe Cerberus will primarily be used to bypass 2FA for bank accounts. However, hackers will also be able to use it to breach many other kinds of accounts (e.g. email, coding repositories, social media accounts, intranets, and more).

So far, few malware strains have been able to bypass 2FA protection.

If the new feature introduced in Cerberus works properly, this Android malware will join the malware elite.

The new features of Cerberus are analyzed in detail in a report by ThreatFabric, which summarizes recent upgrades in other Android malware as well.


Absent Mia