Android banking Trojan steals Google's two-factor authentication codes

Cerberus, a strain of malware targeting Android devices, can now steal the one-time passcodes generated by the Google Authenticator app, according to security researchers. Launched with the goal of improving on SMS-based one-time passcodes, the Google app is used as a two-factor authentication (2FA) layer for many online accounts. Because they are generated on the user's smartphone, Google Authenticator codes are considered more secure than SMS codes: they don't pass through potentially vulnerable mobile networks. However, the latest version of the Cerberus banking Trojan can bypass the protection offered by Google Authenticator, security researchers at ThreatFabric have discovered. "By abusing accessibility privileges, the Trojan can now also steal 2FA codes from the Google Authenticator app," the team said.
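Because the theft described above depends on the Trojan holding accessibility privileges, one practical check is to review which apps have an accessibility service enabled. The following is an added example, not code from ThreatFabric or the original article: it parses the value returned by `adb shell settings get secure enabled_accessibility_services` and lists every service outside an allowlist. The allowlist contents and the sample value are assumptions constructed for illustration.

```python
"""Added example: list apps that hold Android accessibility privileges."""

# Assumed allowlist of packages expected to hold accessibility access.
# TalkBack's package name is real; which packages to allow is local policy.
ALLOWED_PACKAGES = {"com.google.android.marvin.talkback"}


def parse_enabled_services(raw):
    """Parse the colon-separated 'package/ServiceClass' list that Android
    stores in the secure setting enabled_accessibility_services."""
    raw = (raw or "").strip()
    if raw in ("", "null"):  # 'null' is printed when the setting is unset
        return []
    services = []
    for entry in raw.split(":"):
        entry = entry.strip()
        if not entry:
            continue
        package, _, cls = entry.partition("/")
        # A leading '.' means the class name is relative to the package.
        if cls.startswith("."):
            cls = package + cls
        services.append((package, cls))
    return services


def unexpected_services(raw, allowed=ALLOWED_PACKAGES):
    """Return (package, class) pairs whose package is not on the allowlist."""
    return [(p, c) for p, c in parse_enabled_services(raw) if p not in allowed]


# Constructed sample value; the second package name is made up.
SAMPLE = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.flashplayer.update/.Svc"
)

if __name__ == "__main__":
    for package, cls in unexpected_services(SAMPLE):
        print(f"REVIEW: {package} holds accessibility access via {cls}")
```

An unexpected entry is a prompt for review rather than proof of infection, since legitimate password managers and automation apps also request this privilege.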

Cerberus Malware

The ability to bypass multi-factor authentication, something very few malware strains have been able to do before, would position Cerberus among an elite class of Trojans. According to ThreatFabric, current versions of the banking Trojan are already advanced and have the same qualities as Remote Access Trojans (RATs), a very powerful class of malware. These features allow hackers to remotely connect to an infected device and use its code-stealing capabilities to access online bank accounts. While the ability to bypass 2FA is most likely used by cybercriminals to access online bank accounts, the same functionality could allow them to infiltrate other types of accounts protected by Google Authenticator, such as email inboxes. At the moment, the version of Cerberus capable of stealing 2FA codes has not yet been published on the hacking forums, but that does not mean it will not be released at some point in the future. "We believe that this Cerberus variant is still in the testing phase, but could be released soon," the ThreatFabric team warned.

Via ZDNet