This newly found Android malware can steal Google Authenticator app codes

Although Google has not issued any statement, security firm ThreatFabric said in a threat report that Google Authenticator app codes can be stolen by Android malware.

Google Authenticator is arguably the most popular app to protect digital accounts and services. But security researchers have found a new form of Android malware capable of stealing two-factor authentication (2FA) codes, which are one of the best ways to secure digital accounts.

According to researchers at security firm ThreatFabric, a variant of the Cerberus banking Trojan, which first emerged in June 2019, was found in January 2020.


The new Android malware

According to the threat report released by ThreatFabric, by "Abusing the Accessibility privileges," the Trojan can steal 2FA codes from the Google Authenticator app. The researchers said that when the app is running, this advanced class of malware can access the content of the interface and then send it to the C2 [command and control – ed] server.

They also added that "Once again, we can deduce that this functionality will be used to bypass authentication services that rely on OTP codes."

The security firm revealed that the newly found feature has not yet been advertised on underground forums, which suggests that the capability is still being tested. However, according to ThreatFabric, the malware, which includes the capabilities of remote access trojans (RATs), still presents a major threat to online banking services and to other accounts and services that use 2FA, including email, Google accounts, YouTube and more.
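Because the Trojan depends on being granted Accessibility privileges, one defensive check is to review which apps on a device hold an enabled accessibility service. The following is an added example, not taken from ThreatFabric's report or the original article: it parses the value of Android's `enabled_accessibility_services` secure setting (readable with `adb shell settings get secure enabled_accessibility_services`) and reports any service outside an allowlist. The allowlist and the sample value are constructed for illustration.

```python
# Added example: audit enabled Android accessibility services against an allowlist.
# Input is the value of the secure setting "enabled_accessibility_services":
# colon-separated component names of the form "package/class".

# Constructed allowlist (assumption): packages the device owner expects to
# hold an accessibility service. Adjust to the fleet's real baseline.
TRUSTED_PACKAGES = {
    "com.google.android.marvin.talkback",  # TalkBack screen reader
}


def parse_services(setting_value):
    """Split the setting value into (package, service_class) pairs."""
    value = (setting_value or "").strip()
    if value in ("", "null"):  # the setting is unset or empty
        return []
    services = []
    for entry in value.split(":"):
        entry = entry.strip()
        if not entry:
            continue
        package, sep, cls = entry.partition("/")
        if sep and cls.startswith("."):
            cls = package + cls  # expand the short ".Class" form
        services.append((package, cls))
    return services


def unexpected_services(setting_value, trusted=TRUSTED_PACKAGES):
    """Return services whose package is not on the allowlist."""
    return [(pkg, cls) for pkg, cls in parse_services(setting_value)
            if pkg not in trusted]


# Constructed sample value; "com.example.unknownapp" is a placeholder package.
SAMPLE = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.unknownapp/com.example.unknownapp.ScreenReaderService"
)

if __name__ == "__main__":
    for pkg, cls in unexpected_services(SAMPLE):
        print(f"REVIEW: {pkg} holds an enabled accessibility service ({cls})")
```

Any flagged package can read the on-screen content of other apps, so it should be checked against what the user knowingly installed.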

Google Authenticator app

Several technology experts consider Google Authenticator more secure than SMS-based 2FA. Two-factor codes sent via text message can be intercepted, and there have been numerous cases of SIM swap fraud that allowed threat actors to obtain these security codes.

Since the release of the threat report, the tech giant Google has not issued a statement about the Trojan malware. But it can be assumed that the technology company is likely working on updates to the Authenticator app, as no cases of such a breach had been reported earlier. Hopefully, Google will shore up Android's defences against this malware.
