Google Authenticator at risk from Android malware

google authenticator 2fa codes malware

There’s an Android malware strain that can now steal one-time passcodes (OTP) that are generated through Google Authenticator- a mobile app by Google that is used for two-factor authentication (2FA) of online accounts.

The Authenticator mobile app was launched in 2010 by Google, the app generates six to eight-digits-long unique codes that the users must enter in their login forms to access their online accounts.

Google launched this service as an alternative to the SMS-based one-time passcodes because often codes that travel through insecure mobile networks are more prone to attacks than 2FA codes that are generated on a user’s mobile reducing the security issue drastically.

But now, Google Authenticator alone isn’t vulnerable to the latest strain of malware called Cerberus, rather it is considered as a side effect of Android’s powerful Accessibility service that leaks information to threat actors. And by adding a Remote Access Trojan like Cerberus, the hackers have everything they need for a seamless attack.

The latest version of Cerberus makes use of the Accessibility functionality to steal secure information and private content of Google’s 2FA app and hackers could easily utilize the code to log into the victim’s online banking account and steal particulars.