Trojan steals Google two-factor authentication codes

New version of Cerberus is not yet for sale on hacking forums

Cerberus, a malware strain targeting Android devices, is now able steal one-time passcodes generated through the Google Authenticator app, security researchers have claimed.

Launched in a bid to improve upon SMS-based one-time passcodes, Google’s app is used as a two-factor authentication (2FA) layer for many online accounts.

Generated on the user’s smartphone, Google Authenticator codes are considered more secure than SMS-based alerts as they do not travel through possibly-vulnerable mobile networks.

However, the latest iteration of the Cerberus banking trojan is capable of circumventing the protection afforded by Google Authenticator, security researchers from ThreatFabric have found.

“Abusing the Accessibility privileges, the Trojan can now also steal 2FA codes from the Google Authenticator application,” the team said.

Cerberus malware

The ability to sidestep multi-factor authentication – something very few malware strains have previously been able to execute – would position Cerberus among an elite class of trojans.

According to ThreatFabric, current versions of the banking trojan are already advanced, and exhibit the same qualities found in remote access trojans (RATs) – a highly potent class of malware.

Advanced features allow hackers to remotely connect to an infected device, and use the code-stealing capability to gain entrance to online banking accounts.

Although it’s most likely cybercriminals will use the ability to bypass 2FA to access online banking accounts, there same feature could allow them to infiltrate other types of account protected by Google Authenticator, such as email inboxes.

As it stands, the version of Cerberus capable of stealing 2FA codes has not yet been published to hacking forums, however this isn’t to say it will not be at some point in the future.

“We believe this variant of Cerberus is still in the test phase but might be released soon,” warned the ThreatFabric team.

We’re Netplatforms.

If you’re bewildered by the prospect of reviewing your Data Backup, we can help.

We’re Net Platforms and we have years of experience in supporting small-medium businesses across London and Essex with such technology challenges. We’ll get to know your business and create the most appropriate solution to meet your technical requirements, while being commercially sensible in cost. Please contact the team today on 0207 993 9035 or hello@netplatforms.wmtemp.com.