Security researchers found that an Android malware strain can steal one-time passwords (OTPs) generated by Google Authenticator. Google Authenticator is a mobile application that provides two-factor authentication (2FA) for different accounts.
Google launched the Authenticator app in 2010. The app generates six-digit or eight-digit unique codes that users enter into sign-in forms to obtain access to online accounts.
Google Authenticator was released as an alternative to SMS-based access codes. It generates the passwords on the smartphone, so the codes are not transferred over unsecured mobile networks. Therefore, accounts that use Authenticator codes as 2FA are considered better protected than those that use SMS-based codes.
However, the research team of the Dutch security company ThreatFabric found that the Android malware Cerberus has acquired the ability to steal the OTP codes generated by Authenticator. Cerberus is a relatively new Android banking trojan which first appeared in June 2019.
“By abusing access rights, Android malware can now steal 2FA codes from Google Authenticator,” said the ThreatFabric team.
"When the [Authenticator] application runs, the Trojan can take the contents of the interface and send it to a command-and-control server," they added.
“We believe this Cerberus variant is still in the trial phase, but it may be released soon,” the researchers said.
Bypassing 2FA to access bank accounts
ThreatFabric researchers pointed out that current versions of the Android malware Cerberus are already very advanced. They include many of the features found in remote access trojans (RATs), which are a more advanced category of malware.
These RAT features allow Cerberus operators to remotely connect to an infected device, use the victim's banking credentials to access bank accounts, and then use the Authenticator's OTP codes to bypass 2FA, if any.
ThreatFabric researchers believe Cerberus will primarily be used to bypass 2FA for bank accounts. However, hackers will also be able to use it to breach many other accounts (e.g. email, coding repositories, social media accounts, intranets, and more).
So far, few malware strains have been able to bypass 2FA protection.
If the new feature introduced in Cerberus works properly, then this Android malware will join the malware elite.
The new features of Cerberus are analyzed in detail in a report by ThreatFabric, which summarizes recent upgrades and other Android malware.