Developers are always on the lookout for possible malware, especially if we’re talking about Android. The latest finding is malware that can steal Google Authenticator 2FA codes. We deem this very serious because we’re talking about a supposedly safe and secure Google app. Known as “Cerberus”, this Android banking trojan has been set to steal the one-time codes the Google Authenticator app generates. This particular trojan is also said to be able to bypass 2FA protection on accounts. Cerberus is actually nothing new since it was first discovered in June last year.
Not to be confused with the theft tracking app Cerberus, this banking trojan has been “improved”, much to our disappointment. Its new version can steal one-time passcodes (OTP).
Google Authenticator is widely used for two-factor authentication (2FA) for numerous online accounts. Having it compromised is a big thing. It must be fixed soon and we know Google is already working on it.
What usually happens is that Cerberus takes the content of the running Authenticator app's interface. It then sends the stolen code to a server.
The Cerberus banking trojan is considered advanced, like remote access trojans (RATs). It can connect to an infected device remotely to steal OTPs and then eventually banking credentials. To be honest, this discovery tells us an authenticator-based 2FA is not that safe at all. That’s our takeaway, so privacy, safety, and security must be further improved by all parties.