New version of Cerberus is not yet for sale on hacking forums.
Cerberus, a malware strain targeting Android devices, is now able steal one-time passcodes generated through the Google Authenticator app, security researchers have claimed.
Launched in a bid to improve upon SMS-based one-time passcodes, Google’s app is used as a two-factor authentication (2FA) layer for many online accounts.
Generated on the user’s smartphone, Google Authenticator codes are considered more secure than SMS-based alerts as they do not travel through possibly-vulnerable mobile networks.
- You can now use an iPhone as a Google security key
- Here’s our list of the best hardware security keys on the market
- Google boosts 2FA security protection for G Suite
However, the latest iteration of the Cerberus banking trojan is capable of circumventing the protection afforded by Google Authenticator, security researchers from ThreatFabric have found.