Two-factor authentication (2FA) is one of the best ways to secure your services and accounts, and Google Authenticator is perhaps the most popular app in this regard.

Unfortunately, a brand-new type of Android malware is capable of stealing 2FA codes from Google’s app, according to a report by security company Threatfabric (via ZDNet). According to the report, a variant of the Cerberus banking trojan emerged with this ability in January 2020.

“Abusing the Accessibility benefits, the Trojan can now also take 2FA codes from Google Authenticator application. When the app is running, the Trojan can get the content of the user interface and can send it to the C2 [command and control – ed] server. Once again, we can deduce that this functionality will be utilized to bypass authentication services that rely on OTP codes,” reads an excerpt of the report.

Threatfabric notes that the new malware function isn’t being advertised on underground online forums right now, suggesting that this ability is still in testing. The company says it still poses a major threat to online banking services. However, this might also be a massive risk to other accounts and services that use 2FA, such as email, Google accounts, and more.

Two-factor authentication apps like Google Authenticator are typically considered to be more secure than SMS-based 2FA. Two-factor codes sent via text message can be intercepted, and there have undoubtedly been many cases of SIM swap fraud that allow criminal actors to gain these codes.

Nevertheless, we hope to see Google shore up Android’s defenses against this malware, as it likely affects other 2FA apps. But ideally it doesn’t mean similarly extreme measures like it took with SMS and calling permissions.
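
The report excerpt above describes the trojan reading Google Authenticator's screen through Android's Accessibility feature. As an added example that is not part of the original article or the Threatfabric report, this shell script flags apps holding an enabled accessibility service that are not on an expected list; the allowlist, the sample value and the function name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit which apps hold an enabled accessibility service.
# On a real device the input would come from:
#   adb shell settings get secure enabled_accessibility_services
# which returns a colon-separated list of "package/ServiceClass" entries.

# Constructed allowlist (assumption): packages expected to use accessibility.
ALLOWED_A11Y_PACKAGES="com.google.android.marvin.talkback com.example.passwordmanager"

# Print the package of every enabled service whose package is not allowlisted.
# $1 = raw settings value, $2 = space-separated allowlist
unexpected_a11y_packages() {
    raw=$1
    allow=$2
    # The setting reads "null" or empty when no service is enabled.
    case "$raw" in ''|null) return 0 ;; esac
    printf '%s\n' "$raw" | tr ':' '\n' | while IFS= read -r component; do
        [ -n "$component" ] || continue
        pkg=${component%%/*}          # keep only the package part
        case " $allow " in
            *" $pkg "*) ;;            # expected, stay silent
            *) printf '%s\n' "$pkg" ;; # unexpected, report it
        esac
    done | sort -u
}

# Constructed sample value, not taken from a real device or from the report.
SAMPLE='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.flashplayer.update/.CoreService'

unexpected_a11y_packages "$SAMPLE" "$ALLOWED_A11Y_PACKAGES"
```

Any package this prints deserves a look at how it was installed and why it was granted accessibility access.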