Security researchers have discovered a new Android malware, Cerberus, that is capable of stealing security codes from the Google Authenticator app. If you were under the impression that no security threat could ever outsmart Google Authenticator, this discovery shows otherwise.
Cerberus Android malware could steal Google Authenticator codes
According to ThreatFabric, a fairly new malware called Cerberus appears able to get around Google Authenticator and steal codes from inside the app, a sign of how advanced Android malware has become. To understand the severity of this issue, we first need to understand why the Google Authenticator app exists in the first place.
Are Google Authenticator codes no longer safe?
The whole purpose of Google Authenticator is to provide users with an additional layer of security so that they can prevent others from gaining unauthorized access to their online accounts. It does this through two-factor authentication (2FA).
Apps and websites that support Google Authenticator ask users to enter their login credentials (username and password), followed by a unique one-time passcode shown inside the Google Authenticator app. In a nutshell, the Google Authenticator app serves as a safer alternative to one-time password (OTP) authentication over SMS.
What is Cerberus malware?
Cerberus is a banking trojan that first appeared on the threat landscape towards the end of June last year. Its key features include the unauthorized transfer of personally identifiable information from infected devices.
Despite these features, the malware severely lacked anti-detection capabilities. Earlier this year, the Cerberus authors created a new variant aiming to fix those shortfalls. Cerberus now provides features akin to those of a Remote Access Trojan (RAT).
The researchers explain what has changed in the new variant:
“This new Cerberus variant has undergone refactoring of the code base and updates of the C2 communication protocol, but most notably it got enhanced with the RAT capability, possibility to steal device screen-lock credentials (PIN code or swipe pattern) and 2FA tokens from the Google Authenticator application.”
However, the Cerberus issue is not limited to circumventing Google’s 2FA Authenticator. Cerberus also goes deep inside the device’s file system and downloads its contents. Worse still, the malware can launch TeamViewer and set up connections, giving hackers full remote access to the victim’s device.
The Cerberus malware is also equipped with a mechanism for stealing screen-lock credentials, which gives hackers more ways to remotely gain access to the victim’s device. However, researchers believe the Cerberus authors have yet to release this variant of the malware and that it is currently in a test phase.