Categories
Latest News

Google Authenticator can’t keep your 2FA codes safe from this malware

Advertisement

Google account security page

Google account security pageSource: Joe Maring / Android Central

What you need to know

  • Dutch research firm ThreatFabric has discovered malware that can steal two-factor authentication codes from Google Authenticator.
  • Cerberus is the name of the banking trojan, but the strain that can steal 2FA codes is currently in testing and not yet available.
  • In general, it is more secure to use an app to generate 2FA codes such as Google Authenticator instead of using SMS.

Two-factor authentication or 2FA is a commonly used system to help protect your online accounts. It requires a user to enter an additional code when logging in, which is usually sent through SMS or generated with an app. In general, it is best to use an app to generate the code, such as Google Authenticator, instead of allowing it to be sent over the network to your phone where you run the risk of it being intercepted.

Unfortunately, security researchers from ThreatFabric recently discovered a strain of the Cerberus banking trojan, which can steal 2FA codes from Google Authenticator.

Abusing the Accessibility privileges, the Trojan can now also steal 2FA codes from Google Authenticator application.

When the [Authenticator] app is running, the Trojan can get the content of the interface and can send it to the [command-and-control] server.

In the report, the Dutch mobile security firm said, "We believe that this variant of Cerberus is still in the test phase but might be released soon."

Get protected with deals from ExpressVPN, PureVPN, Surfshark & more

While Cerberus is primarily a banking trojan, the researches note that it now includes many features found in traditional remote access trojans. This would allow users with Cerberus to remotely access your phone and access your bank account, including stealing the 2FA code if needed. It would also allow the attacker to access any other accounts you have enabled two-factor authentication on, such as your email, social media, shopping sites, and more.

Advertisement

Fortunately, for the time being, the Cerberus variant with 2FA stealing capabilities appears to still be in testing, and not out in the wild. Hopefully, by the time it has launched, Google will have found a way to prevent it from accessing two-factor authentication codes.

Two-factor au thentication: Everything you need to know

Advertisement

Samsung Galaxy S20 Ultra review: Too much of a good thingSamsung Galaxy S20 Ultra review: Too much of a good thing

Samsung Galaxy S20 Ultra review: Too much of a good thing

The Galaxy S20 Ultra is supposed to be the phone for the enthusiasts, the fans, the nerds who all want the biggest and best Samsung can offer, no matter the cost. Let's break down how well Samsung executes on the promise of an ultra flagship phone.

Do you buy insurance for your smartphone?Do you buy insurance for your smartphone?

Do you buy insurance for your smartphone?

Protecting your smartphone is essential, especially when prices are crossing the $1000 threshold. Do you go as far as to buy insurance for your handset?

Kazuhisa Hashimoto, creator of the well-known Konami Code, has passed awayKazuhisa Hashimoto, creator of the well-known Konami Code, has passed away

Kazuhisa Hashimoto, creator of the well-known Konami Code, has passed away

Kazuhisa Hashimoto, the creator of the Konami Code, has died. Konami confirmed the news on Twitter. Kazuhisa Hashimoto was 61 years old when he passed on.

These are the best of the best in smart home devices compatible with AlexaThese are the best of the best in smart home devices compatible with Alexa

These are the best of the best in smart home devices compatible with Alexa

The Amazon Echo can be the nerve center of your home with this collection of the best Alexa-compatible smart home devices. Which ones are you going to add to your home?

Original Article

Advertisement

Leave a Reply

Your email address will not be published.