Android Cerberus malware can hack Google Authenticator

Cerberus now has remote access trojan capabilities

An Android malware strain is now capable of stealing one-time passcodes (OTP) from the popular Google Authenticator app, security researchers have warned.

According to a report published this week by ThreatFabric, the Cerberus Trojan virus has been restructured and enhanced with the ability to steal multi-factor authentication (2FA) tokens from the Google Authenticator application.

Advertisement - Article continues below

Google Authenticator was launched in 2010 in order to make 2FA more secure. The application replaces the need to use SMS messaging to deliver OTPs, as that way they can be intercepted when travelling through insecure mobile networks. Instead, the codes are generated on the user’s smartphone and are valid for 30 seconds only.

The Cerberus malware was discovered last year as an Android banking Trojan. However, it was recently enhanced with RAT (Remote Access Trojan) abilities, significantly increasing its threat level.

As well as being able to tamper with the authenticator application, the Cerberus can also steal device screen-lock credentials - PIN codes and swipe patterns alike, allowing the hackers to “remotely unlock the device in order to perform fraud when the victim is not using the device”.

Related Resource

6 ways your business could suffer if you don’t backup Office 365

Office 365 makes it easy to lose valuable data regularly, unpredictably, unintentionally, and for good

Download now

According to ThreatFabric, Cerberus can target communication applications such as Gmail, Outlook, and Telegram, as well as numerous banking applications, including Lloyds Bank Mobile Banking, Wells Fargo Mobile, and Santander.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

“We believe that this variant of Cerberus is still in the test phase but might be released soon,” ThreatFabric warned in their blog post.

“Having an exhaustive target list including institutions from all over the world, combined with its new RAT capability, Cerberus is a critical risk for financials offering online banking services.”

Earlier this month, Google purged as many as 24 Android applications from the Google Play Store, after they were found to harbour malware and rogueware. The apps, which totalled in 382 million active installations, were all linked to Chinese tech firm Shenzhen HAWK.

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement

Most Popular

Visit/security/privacy/355155/zoom-kills-facebook-integration-after-data-transfer-backlash
privacy

Zoom kills Facebook integration after data transfer backlash

30 Mar 2020
Visit/infrastructure/server-storage/355118/hpe-warns-of-critical-bug-that-destroys-ssds-after-40000-hours
Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
Visit/software/355113/companies-offering-free-software-to-fight-covid-19
Software

These are the companies offering free software during the coronavirus crisis

25 Mar 2020
Visit/cloud/355098/ibm-dedicates-supercomputing-power-to-coronavirus-researchers
high-performance computing (HPC)

IBM dedicates supercomputing power to coronavirus research

24 Mar 2020