Moneycontrol

Budget 2021

Associate Partners:

  • SMC
  • Samsung
  • Volvo

Moneycontrol

Budget 2021

Associate Partners:

  • SMCSamsungVolvo
Webinar :Join an expert panel for a webinar on Smart investments for a secure retirement January 28, 2021. Register now!
you are here: HomeNewsTechnology

This Android malware can access OTPs from Google Authenticator app

Two-factor authentication (2FA) is a popular security mechanism that allows users to securely login to an online platform using a unique code

February 28, 2020 / 01:49 PM IST

Security researchers have reportedly discovered an Android malware strain that can extract One-Time Password (OTP) generated via Google Authenticator — the app which is used as a two-factor authentication tool for many online accounts.

Two-factor authentication (2FA) is a popular security mechanism that allows users to securely login to an online platform using a unique code. This numeric code is typically sent via an SMS to the user’s registered mobile number or generated within an app like Google Authenticator. 

Researchers at Dutch mobile security firm ThreatFabric have reported about a strain of the Cerberus banking Trojan, which is capable of stealing 2FA codes from Google Authenticator. 

"When the [Authenticator] app is running, the Trojan can get content of the interface and can send it to the [command-and-control] server," the research team told ZDNet.

According to the report, Cerberus includes the same breadth of features usually found in remote access trojans (RATs), a superior class of malware. These RATs allow Cerberus operators to remotely connect to an infected device, use the victim’s banking credentials and then use the Authenticator OTP-stealing feature to bypass 2FA protections on the account.

Close

Fortunately, the RAT feature is currently not active in Cerberus. However, researchers state that it 'might be released soon', meaning hackers could get their hands on the advanced malware.

It is best for users to install security updates as soon as they are available to avoid being a victim to any kind of malware.
Moneycontrol News
first published: Feb 28, 2020 01:49 pm

stay updated

Get Daily News on your Browser
Sections