Android Banking Malware Can Steal Google Authenticator Codes: Report

Security analysts declare {that a} comparatively new Android malware can now extract one-time passwords (OTP) generated by Google’s authenticator app. The Google Authenticator app was launched in 2010 as an alternative choice to SMS-based one-time passcodes, and is used for two-factor authentication (2FA) for numerous Google apps and providers equivalent to Gmail and YouTube. Google has not launched any statements in response to the claims made by the analysts within the report.

According to ThreatFabric, the workforce has discovered an Google Authenticator OTP-stealing functionality in current samples of Cerberus, the Android banking malware that first emerged in June 2019. However, it was additionally identified that the malware is more likely to be not dwell as no ads have been made in underground boards.

“We believe that this variant of Cerberus is still in the test phase but might be released soon. Having an exhaustive target list including institutions from all over the world, Cerberus is a critical risk for financials offering online banking services,” analysts said.

Related Post

Despite this, the word additionally identified that Cerberus shouldn’t be taken flippantly, because it consists of the capabilities of distant entry trojans (RATs), an advance class of malware. This malware may even pose critical threats to on-line banking providers.

To use Google Authenticator, a person is required to obtain the app from the respective app retailer of the machine. Instead of receiving a textual content message from the operator as sometimes seen in 2FA, the app shows six to eight-digits-long distinctive codes that customers should enter whereas attempting logging into an account. Find all of the related details about the Authenticator app right here.

As identified at first, Google has not issued statements over the considerations. However, the Alphabet-owned tech big would possibly possible be engaged on updates concerning its authenticator app as no instances of breach of this nature have been earlier reported. We’ve reached out to Google for an announcement, and can update this area if we hear again.

Source link

This post was last modified on February 28, 2020 8:15 am

Joy: Hi Folks. I am Jyoti, pursuing my passion to write content on Technology and Automobiles. I am a B.Tech (IT) graduate who loves to write content on different niche. Being passionate since college days, I took it as my full-time career. I started this blog to deliver unbiased reviews to the readers and let them choose the right product based on their reviews. If you want to contact me, you can drop your mail at

This website uses cookies.