Microsoft Authenticator app also has same vulnerability
Researchers have discovered a new kind of malware which is able to steal the security codes generated by Google’s two-factor authentication (2FA) protection system.
The malware, dubbed Cerberus, is able to access the smartphone’s display and exploit the ability to capture screenshots of OTPs generated by the Google Authenticator app.
The malware could also exploit other kinds of similar service, such as Microsoft Authenticator.
- Android banking trojan steals Google two-factor authentication code
- You can now use an iPhone as a Google security key
- Norton LifeLock phishing scam infects victims with remote access trojan
The malware was discovered by security firm ThreatFabric, which reported it could let hackers manually access a victim’s device with the help of its remote access trojan feature.