HomesecurityAndroid malware steals Google Authenticator 2FA codes

Android malware steals Google Authenticator 2FA codes

Researchers security found that one Android malware can steal one-time (OTP) passwords produced through it Google Authenticator. Google Authenticator is one application for mobile, it offers control two-factor authentication (2FA) for different online accounts.

Google launched the Authenticator app in 2010. The app generates six-digit or eight-digit unique codes that users place on sign-in forms to obtain access to online accounts.

Google Authenticator has been released as an alternative to codes SMS-based access. Google Authenticator generates the passwords in smartphone and so the codes are not transferred over unsecured mobile networks. Therefore, The accounts that use Authenticator codes as 2FA are considered safer protected by SMS-based codes.

Google Authenticator

However, the research team of the Dutch security company ThreatFabric found that Android malware, Cerberus, has acquired the ability to steal the OTP codes generated by Authenticator. Cerberus is a relatively new Android banking trojan which first appeared in June 2019.

"By abusing access rights, Android malware can now steal 2FA codes from Google Authenticator, ”said the ThreatFabric team.

"When the [Authenticator] application is running, the Trojan can take the contents of the interface and send it to a command-and-control server," they added.

According to researchers, the new version of Cerberus, which includes this feature, is not yet sold to hacking Forums.

"We believe that this variant of Cerberus is still in trial phase", but it may be released soon," said the researchers.

Android malware

Bypass 2FA for access to bank accounts

ThreadFabric researchers pointed out that current versions of Android malware Cerberus are already very advanced. They include many of the features they have remote access trojans)RATs), which is a superior category malware.

These RAT features allow Cerberus players to remotely connect to an infected device, using banking credentials of the victim to access bank accounts and then use the Authenticator's OTP codes to bypass 2FA, if any.

ThreatFabric researchers believe Cerberus will primarily be used to bypass 2FA for bank accounts. However, hackers will be able to use it too infringement many other accounts (e.g. email, coding repositories, social media accounts, intranets, and more).

So far, not many malware have been able to bypass 2FA protection.

If the new feature introduced in Cerberus works properly, then Android malware will fall into the malware elite.

The new features of Cerberus are analyzed in detail in one report by ThreatFabric, which summarizes recent upgrades and other Android malware.

Absent Mia
Being your self, in a world that constantly tries to change you, is your greatest achievement