Detected: Android malware that can easily steal OTP codes without the victim knowing
International security experts have recently discovered an Android malware variant that can extract and steal one-time passwords (OTPs) generated by the Google Authenticator application.
This malware is called Cerberus, a relatively new banking trojan first discovered in 2019 that parasitizes Android devices. It has one capability that makes it especially dangerous: the ability to steal Authenticator OTPs.
Compared to last year's version, the current variant of Cerberus has significantly more advanced capabilities. After successfully infiltrating the victim's system, it can abuse access privileges to steal 2FA codes, collect data from the Authenticator application and send it to a server controlled by the attacker.
If you don't already know, Authenticator is a two-step verification (2FA) code generator on your phone, launched in 2010 as an alternative to traditional one-time verification codes sent by SMS. Authenticator provides a better layer of security for users' Google accounts by requiring a second verification step when signing in. In addition to the password, you will need the code generated by the Google Authenticator app on your phone. After the account setup and linking steps, Authenticator generates 6-8-digit OTP codes and provides them to users when they log into their respective accounts.
So how can this new Cerberus variant steal information from Authenticator? Experts have found that this malicious code has a range of features typical of an advanced remote access trojan (RAT):
- It can connect remotely and automatically to an infected device.
- It can collect and use victims' information and data to access their online accounts, a major threat to online banking services, email, archives, transmission accounts, social media, intranets, etc.
However, the 2FA code theft feature is not yet available in the Cerberus version currently being advertised and sold on hacking forums. Security researchers therefore believe that this new Cerberus variant is still in beta, but it is likely to be released soon.
Google has not provided any feedback on the information, but upcoming security patches for Android in general and for the Authenticator application must contain a 'definite' solution to this malicious code.