NewsBytes
    Hindi Tamil Telugu
    More
    In the news
    Narendra Modi
    Amit Shah
    Box Office Collection
    Bharatiya Janata Party (BJP)
    OTT releases
    Hindi Tamil Telugu
    NewsBytes
    User Placeholder

    Hi,

    Logout

    India
    Business
    World
    Politics
    Sports
    Technology
    Entertainment
    Auto
    Lifestyle
    Inspirational
    Career
    Bengaluru
    Delhi
    Mumbai

    Download Android App

    Follow us on
    • Facebook
    • Twitter
    • Linkedin
    Home / News / Technology News / 'Cerberus' malware can steal 2FA codes from Google Authenticator
    Next Article
    'Cerberus' malware can steal 2FA codes from Google Authenticator

    'Cerberus' malware can steal 2FA codes from Google Authenticator

    By Shubham Sharma
    Feb 28, 2020
    07:40 pm

    What's the story

    Google Authenticator offers a secure way to get codes for two-factor authentication, the technique that protects online accounts from third-party hacks.

    The codes verify individual login attempts, but as it turns out, even the Google app is not safe anymore.

    A new report has revealed that malware can steal Google Authenticator codes, putting your online accounts directly at risk.

    Here's all about it.

    Issue

    Cerberus banking trojan stealing 2FA codes

    As Threatfabric reports, Cerebus, a banking trojan that has existed for months, has been updated with the ability to steal 2FA codes from the Google Authenticator app.

    The malware works when Authenticator is running and exploits accessibility privileges to get the entire content interface of the app.

    Then, it sends all that data to a C2 or command and control server.

    Risk

    Once code is stolen, accounts can be compromised

    Once a code gets into the hands of an attacker, they can easily use it for breaking into your 2FA-enabled account, be it an online banking account, a Google account, or a social media service like Twitter.

    "We can deduce that this functionality will be used to bypass authentication services that rely on OTP codes," Threatfabric said, while highlighting the risk of the trojan.

    Test

    However, as of now, the malware appears in testing

    Though Cerebus has been around for months, its updated variant still appears to be in the development phase.

    Specifically, Threatfabric says, the new capability of the banking malware is not being promoted on underground forums, which implies it is either unfinished or still in the testing phase.

    However, that might change soon, say by the end of 2020.

    Response

    No word from Google on the matter

    So far, Google has neither commented on the matter nor explained what it is doing to dodge this threat.

    Evidently, the malware can compromise other 2FA apps, which means the company needs to make some changes in Android permissions to make sure that the malware is no longer able to take advantage of device privileges for stealing codes.

    Facebook
    Whatsapp
    Twitter
    Linkedin
    Related News
    Latest
    X
    Malware
    Google

    Latest

    Tamil actor Vishal to marry actor Sai Dhanshika Tamil Cinema
    Huawei's latest innovation is an 18-inch foldable laptop Huawei
    HDFC Bank's latest feature helps you track your capital gains HDFC Bank
    Modi government mulls stricter foreign ownership rules for companies Indian Government

    X

    Japanese billionaire looking for a girlfriend for Moon trip Moon
    India needs CAA, but Modi's politics failed us Narendra Modi
    Meet Chandigarh's Harbhajan Kaur who launched her startup at 90 India
    Twitter will 'probably never' get an edit button, says Dorsey Social Media

    Malware

    Government's Cyber Swachhta Project reduces malware infections by 51% India
    Dangerous Android apps you need to uninstall right now Android
    Google removes fake version of WhatsApp from Play Store WhatsApp
    60 million Android users hit by cryptocurrency miner malware Android

    Google

    What is Pigweed? Google trademarks new operating system Android
    Google is planning 'something exciting' for Samsung Unpacked. But what? Samsung
    #BugAlert: Google voice typing gone haywire on Android phones Android
    Samsung Unpacked event: Galaxy S20, Z Flip, and Buds+ expected Samsung
    Indian Premier League (IPL) Celebrity Hollywood Bollywood UEFA Champions League Tennis Football Smartphones Cryptocurrency Upcoming Movies Premier League Cricket News Latest automobiles Latest Cars Upcoming Cars Latest Bikes Upcoming Tablets
    About Us Privacy Policy Terms & Conditions Contact Us Ethical Conduct Grievance Redressal News News Archive Topics Archive Download DevBytes Find Cricket Statistics
    Follow us on
    Facebook Twitter Linkedin
    All rights reserved © NewsBytes 2025