Researchers have discovered a new kind of malware that is able to steal the security codes generated by Google’s two-factor authentication (2FA) protection system.
Dubbed “Cerberus,” the malware is able to access the smartphone’s display and exploit the ability to capture screenshots of OTPs generated by the Google Authenticator app, explains a new report from ZDNet.
“Cerberus” was discovered by security firm ThreatFabric, which reported it could let hackers manually access a victim’s device with the help of its remote access trojan feature. This would then give the hackers access to open Google Authenticator, allowing them to generate passwords for secured apps — severely compromising a victim’s various accounts.
Additionally, researchers at NightWatch CyberSecurity have pointed out that most Android apps use the “FLAG_SECURE” setting to prevent their content from being captured in screenshots.
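For readers unfamiliar with how an Android app opts into that protection, here is an added illustration (not code from the article, from ThreatFabric, or from any app it names) of an activity that displays one-time codes and marks its window with FLAG_SECURE. The activity name and the layout resource are hypothetical; the flag and the `setFlags` call are standard Android API.

```java
import android.app.Activity;
import android.os.Bundle;
import android.view.WindowManager;

// Hypothetical activity that renders OTP codes on screen.
public class OtpDisplayActivity extends Activity {

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);

        // FLAG_SECURE must be applied before the window is first drawn,
        // so it is set before setContentView(). With the flag in place the
        // system refuses screenshots and screen-capture (MediaProjection)
        // of this window, and blanks it in the Recents overview.
        getWindow().setFlags(
                WindowManager.LayoutParams.FLAG_SECURE,
                WindowManager.LayoutParams.FLAG_SECURE);

        // Layout name is a placeholder for this example.
        setContentView(R.layout.activity_otp_display);
    }
}
```

The flag is a per-window setting, so every activity or dialog that shows a code needs it, not only the main screen. It also protects only against pixel capture: content that an app exposes to accessibility services (for example the text of a visible TextView) can still be read through that channel, so it is a mitigation for the screenshot path described above rather than a complete defence against a device that is already under remote control.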
The report also suggests that while Google patched Authenticator back in 2014, the same bug was noticed again in 2017 and apparently remains unpatched now. However, the researchers add that since the malware seems to still be under development, they have yet to encounter it being used in the real world.
Google Authenticator provides a 2FA layer for protecting online accounts. Accessible through smartphones, it was conceived as a preferable alternative to SMS-based passcodes that are sent through mobile networks with varying (and dubious) levels of security.
Hackers that gain Google Authenticator’s passcodes with Cerberus could access any of the accounts safeguarded by it, including email inboxes, social media, and most other user-based platforms of online activity.