Researchers have discovered a new kind of malware which is able to steal the security codes generated by Google's two-factor authentication (2FA) protection system.
The malware, dubbed Cerberus, is able to access the smartphone's display and exploit the ability to capture screenshots of OTPs generated by the Google Authenticator app.
The malware could also exploit other kinds of similar service, such as Microsoft Authenticator.
- Android banking trojan steals Google two-factor authentication code
- You can now use an iPhone as a Google security key
- Norton LifeLock phishing scam infects victims with remote access trojan
The malware was discovered by security firm ThreatFabric, which reported it could let hackers manually access a victim's device with the help of its remote access trojan feature.
This would then give access to open the Google Authenticator app, allowing the hackers to generate passwords for the secured apps, providing easy access to a victim's account.
In addition, researchers at NightWatch CyberSecurity have suggested that most Android apps use “FLAG_SECURE” setting to avoid their content to be captured via screen shots.
However, both Google and Microsoft were found to not be using this setting in their Authenticator app for Android, meaning anyone could take a screen shot of the OTP codes generated by the app and access them without the users's knowledge.
The report also suggests that while Google may patched Authenticator back in 2014, the same bug was noticed again in 2017 and apparently remains unpatched now.
However the researchers add that since the malware seems to still be under development, they are yet to encounter it being used in the real world yet.
- The best antivirus software for 2020