Google Authenticator is Google’s official authentication tool, but a recently released version of the “Cerberus” Android banking Trojan now endangers account services protected by two-factor authentication (2FA). Security researchers point out that the malware can extract and steal one-time passwords (OTPs) generated by the Google Authenticator app.
Google launched the Authenticator mobile app in 2010, which generates a unique verification code of 6 or 8 digits to enter when users sign in to their account online.
In theory, Authenticator apps offer greater security than verification codes delivered over carrier SMS channels, because the codes do not have to travel over less secure mobile networks.
However, in a report released this week, ThreatFabric, a Dutch mobile security company, noted that its researchers found OTP theft targeting Authenticator in the latest Cerberus sample.
The ThreatFabric team points out that Cerberus, which came out in June 2019, is a relatively novel type of Android banking malware.
It abuses Accessibility privileges and can now even steal two-factor verification codes from the Google Authenticator app.
At runtime, Cerberus is able to intercept the interface content and send it to the command and control server.
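Because the theft described above depends on the malware holding Accessibility privileges, one defensive check is to audit which accessibility services are enabled on a device. The following is an added example, not code from ThreatFabric or the original article; the allowlist and the sample setting value are constructed assumptions, and the live read uses the standard `adb shell settings get secure enabled_accessibility_services` query.

```python
import subprocess
import sys

# Assumption: packages the device owner deliberately granted Accessibility to.
ALLOWED_PACKAGES = {"com.google.android.marvin.talkback"}

# Constructed sample of the colon-separated setting value (not from a real device).
SAMPLE = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.unknownapp/.UpdateService"
)


def parse_services(raw):
    """Split the setting into (package, service_class) pairs."""
    raw = (raw or "").strip()
    if raw in ("", "null"):  # Android reports "null" when nothing is enabled
        return []
    pairs = []
    for component in raw.split(":"):
        package, _, cls = component.strip().partition("/")
        if not package:
            continue
        if cls.startswith("."):  # short form is relative to the package name
            cls = package + cls
        pairs.append((package, cls))
    return pairs


def unexpected_services(raw, allowed=ALLOWED_PACKAGES):
    """Return enabled accessibility services whose package is not allowlisted."""
    return [(p, c) for p, c in parse_services(raw) if p not in allowed]


def read_from_device():
    """Read the live value over adb (needs a connected, authorized device)."""
    out = subprocess.run(
        ["adb", "shell", "settings", "get", "secure", "enabled_accessibility_services"],
        capture_output=True, text=True, check=True,
    )
    return out.stdout


if __name__ == "__main__":
    raw = read_from_device() if "--adb" in sys.argv else SAMPLE
    for package, cls in unexpected_services(raw):
        print(f"review: {package} runs accessibility service {cls}")
```

Run without arguments it audits the constructed sample; with `--adb` it reads the setting from a connected device.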
ThreatFabric has not disclosed details of the new feature on the hacking forum. It believes this variant of Cerberus is still in beta ahead of a formal release.
The team noted that the current version of the Cerberus banking Trojan is already comparable to, and even has some of the capabilities common in, the more advanced Remote Access Trojans (RATs).
In other words, a remote attacker can connect to an infected device, use the victim’s credentials to access the online banking account, and then use the Authenticator OTP theft to bypass the account’s two-factor authentication.
If allowed to continue and wreak havoc, Cerberus is likely to be the elite monster of its kind.