This Android malware can access OTPs from Google Authenticator app
Two-factor authentication (2FA) is a popular security mechanism that allows users to securely log in to an online platform using a unique code
February 28, 2020 / 01:49 PM IST
Security researchers have reportedly discovered an Android malware strain that can extract one-time passwords (OTPs) generated via Google Authenticator, the app used as a two-factor authentication tool for many online accounts.
Two-factor authentication (2FA) is a popular security mechanism that allows users to securely log in to an online platform using a unique code. This numeric code is typically sent via SMS to the user’s registered mobile number or generated within an app like Google Authenticator.
Researchers at Dutch mobile security firm ThreatFabric have reported a strain of the Cerberus banking Trojan that is capable of stealing 2FA codes from Google Authenticator.
"When the [Authenticator] app is running, the Trojan can get content of the interface and can send it to the [command-and-control] server," the research team told ZDNet.
According to the report, Cerberus includes the same breadth of features usually found in remote access trojans (RATs), a superior class of malware. These RAT features allow Cerberus operators to remotely connect to an infected device, use the victim’s banking credentials and then use the Authenticator OTP-stealing feature to bypass 2FA protections on the account.
Fortunately, the RAT feature is currently not active in Cerberus. However, researchers state that it 'might be released soon', meaning hackers could get their hands on the advanced malware.
It is best for users to install security updates as soon as they are available to avoid falling victim to any kind of malware.