
New Android malware steals Google Authenticator security codes


Two-factor authentication is one of the safest ways to log in to an online account.

Although this method can rely on codes sent by SMS, generating the codes in an application such as Google Authenticator is even more secure, since no messages need to be sent (and messages can potentially be intercepted).

Unfortunately for Google, its 2FA application is now vulnerable to malware, according to a report recently published by security researchers at ThreatFabric.

A variant of the banking Trojan "Cerberus" has recently been able to detect the codes generated by Google Authenticator and exploit them for malicious purposes. To achieve this, the malware takes advantage of Android's accessibility features.

"By abusing accessibility privileges, this malware can now steal 2FA codes from the Google Authenticator application. When we start the application, the malware can take the content from the interface and send it to the C2 server (command and control). Again, it can be inferred that this functionality will be used to bypass authentication services that depend on OTP codes"

As ThreatFabric indicates in its analysis, this new feature of Cerberus does not yet seem to be widely discussed on forums frequented by hackers, which suggests that it is still being tested and has therefore been little exploited in practice.

However, it can pose a major threat to many services that use two-factor authentication, whether for simply logging in to your Twitter or Google account or, worse, for banking services.

Because of the way it gains access, the malware can capture data from other 2FA applications in addition to Google Authenticator. Therefore, it is Google's responsibility to correct this breach as soon as possible to avoid further problems in the future.
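
For defenders, the accessibility abuse described above leaves a visible trace: the app has to hold an enabled accessibility service. The script below is an added example, not code from ThreatFabric's report or from the original article; it lists enabled services whose owning package is neither preinstalled nor on an allowlist. The allowlist, the sample values and the `com.example.flashupdate` package are constructed assumptions.

```python
"""Audit enabled Android accessibility services (added example)."""

# Assumption: packages the device owner knowingly granted accessibility to.
ALLOWLIST = {"com.google.android.marvin.talkback"}

# Constructed sample of: adb shell settings get secure enabled_accessibility_services
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.flashupdate/.UpdateService"  # hypothetical sideloaded app
)
# Constructed sample of: adb shell pm list packages -s  (preinstalled packages)
SAMPLE_SYSTEM = "package:com.android.settings\npackage:com.android.systemui\n"


def parse_services(setting):
    """Parse the colon-separated 'package/class' list held in the setting."""
    services = []
    for entry in setting.strip().split(":"):
        if not entry or entry == "null" or "/" not in entry:
            continue  # the value is empty or 'null' when nothing is enabled
        package, cls = entry.split("/", 1)
        if cls.startswith("."):  # shorthand: class name relative to the package
            cls = package + cls
        services.append((package, cls))
    return services


def parse_packages(pm_output):
    """Parse the 'package:<name>' lines printed by `pm list packages`."""
    return {line.split(":", 1)[1].strip()
            for line in pm_output.splitlines() if line.startswith("package:")}


def unexpected_services(setting, system_pm_output, allowlist=ALLOWLIST):
    """Return services whose owning package is neither preinstalled nor
    allowlisted; these are the ones to review by hand."""
    system = parse_packages(system_pm_output)
    return [(pkg, cls) for pkg, cls in parse_services(setting)
            if pkg not in system and pkg not in allowlist]


if __name__ == "__main__":
    for pkg, cls in unexpected_services(SAMPLE_SETTING, SAMPLE_SYSTEM):
        print(f"review: {pkg} holds accessibility service {cls}")
```

On a real device, feed the function the output of the two `adb shell` commands named in the comments instead of the samples.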
