Android Banking Malware Stealing 2FA Codes From Google Authenticator
By Yash Kudal
Security researchers have discovered a new Android malware capability that extracts and steals the one-time passcodes (OTPs) generated by Google Authenticator.
The researchers say they observed the OTP-stealing ability in Cerberus, an Android banking trojan that first appeared last year.
According to the report, the current variant of the Cerberus banking trojan has many capabilities. It abuses Android accessibility privileges to steal 2FA codes: when the Authenticator app is open, the trojan can read the code displayed on screen and send it to the attacker's remote server.
How does Authenticator work?
Google introduced the Authenticator mobile app in 2010 as an alternative to one-time passcodes delivered by SMS. The app generates six- to eight-digit one-time codes that users must enter, in addition to their password, when signing in to online accounts.
Because Google Authenticator codes are generated on the smartphone itself rather than sent over the phone network, accounts protected with this 2FA layer are considered much safer than those protected by SMS-based codes.
How does the trojan use the stolen Authenticator codes?
The new Cerberus variant also includes the bundle of features commonly found in remote access trojans (RATs). With them, an operator can:
Remotely connect to an infected device.
Use the owner's stolen banking credentials to log in to the victim's online bank account.
Use the Authenticator OTP-stealing ability to bypass the account's 2FA protection, if needed.
This 2FA code-stealing feature is not yet live in the Cerberus version currently advertised and sold on underground forums.
Experts say the Cerberus trojan is most likely to be used against online bank accounts. Nothing, however, prevents its operators from stealing Authenticator-based 2FA codes for other types of accounts, including email inboxes, code repositories, social media accounts, intranets, and more.