Android malware detected that can easily steal OTP codes without the victim knowing
International security experts have recently discovered an Android malware variant that can extract and steal one-time passwords (OTPs) generated by the Google Authenticator application.
This malware is called Cerberus, a relatively new banking trojan first discovered in 2019 that specializes in living as a 'parasite' on Android. One capability makes it especially dangerous: the ability to steal Authenticator OTPs.
Compared to last year's version, the current variant of Cerberus has significantly more advanced capabilities. After successfully infiltrating the victim's system, it can abuse access privileges to steal 2FA codes, collect data from the Authenticator application and send it to a server controlled by the attacker.
If you don't already know, Authenticator is a two-step verification (2FA) app for your phone, launched in 2010 as an alternative to traditional one-time verification codes sent by SMS. Authenticator provides a better layer of security for users' Google accounts by requiring a second verification step when signing in: in addition to the password, you need the code generated by the Google Authenticator app on your phone. After the account setup and linking steps, Authenticator generates 6-8-digit OTP codes and provides them to users when they log into their respective accounts.
So how can this new Cerberus variant steal information from Authenticator? Experts have found that this malicious code has a range of features typical of an advanced remote access trojan (RAT):
- It can connect remotely and automatically to an infected device.
- It can collect and use victims' information and data to access their online accounts, a major threat to online banking services, email, archives, transmission accounts, social media, intranets, etc.
However, the 2FA code theft feature is not yet available in the Cerberus version currently being advertised and sold on hacking forums. Security researchers therefore believe that this new Cerberus variant is still in beta, but it is likely to be released soon.
Google has not provided any feedback on the information, but upcoming security patches for Android in general and for the Authenticator application must contain a 'definitive' solution to this malicious code.