Crypto investors and traders are surely no strangers to Google Authenticator, the app that provides an additional layer of security with two-factor authentication (2FA) codes, helping people protect wallet and exchange accounts and Bitcoin transactions. Recently, security researchers at ThreatFabric of the Netherlands discovered malware called "Cerberus" that can extract one-time passwords (OTPs) from Google Authenticator, thereby gaining access to services such as banks, email, social networks, wallets and crypto exchanges.
A new version of the Cerberus banking Trojan is now able to steal Google Authenticator's two-factor authentication (2FA) codes, which are used as an additional safeguard when logging into accounts.
Google Authenticator is Google's alternative to SMS-based two-factor authentication, in which the code can be intercepted because it is sent via an external service provider.
Therefore, using an application to generate 2FA codes is considered a safer alternative to SMS. However, researchers from ThreatFabric have discovered a new version of the Cerberus Trojan that can steal information from Google Authenticator.
This means that in the near future, application-based 2FA may be just as insecure as 2FA with codes sent via SMS, because the code can be stolen in both cases.
The Cerberus malware, first detected in June 2019, now steals Google Authenticator 2FA codes by abusing Android's accessibility privileges.
“When the application is launched, the Trojan can retrieve the content of the interface and send it to the command and control server,” the ThreatFabric report said. “Once again, we can conclude that this functionality will be used to bypass code-based authentication services.”
These stolen codes can be used to bypass 2FA for banks, email services, messaging apps and social networks.
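A defender-side check for the abuse described above, as an added example that is not taken from the ThreatFabric report: it flags enabled Android accessibility services (the privilege that lets one app read another app's interface content) that are not on an allowlist. The allowlist, the function name and the sample value are assumptions constructed for illustration; on a device the input comes from the real `adb shell settings get secure enabled_accessibility_services` command.

```shell
#!/bin/sh
# Added example: flag enabled Android accessibility services outside an allowlist.
# On a device the input string comes from:
#   adb shell settings get secure enabled_accessibility_services

# Packages expected to hold accessibility access (assumption; adjust per fleet).
ALLOWED_PACKAGES="com.google.android.marvin.talkback"

# Constructed sample of the setting's colon-separated "package/class" format.
SAMPLE='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.unknownapp/.OverlayService'

# unexpected_a11y_services "<setting value>"
# Prints every enabled component whose package is not allowlisted, one per line.
unexpected_a11y_services() {
    raw=$(printf '%s' "$1" | tr -d '\r')   # older adb builds append CR
    # The setting is empty or the literal "null" when no service is enabled.
    if [ -z "$raw" ] || [ "$raw" = "null" ]; then
        return 0
    fi
    printf '%s\n' "$raw" | tr ':' '\n' | while IFS= read -r component; do
        if [ -z "$component" ]; then
            continue
        fi
        pkg=${component%%/*}               # package name precedes the slash
        case " $ALLOWED_PACKAGES " in
            *" $pkg "*) ;;                 # expected service, ignore
            *) printf '%s\n' "$component" ;;
        esac
    done
}

# Stand-alone demo on the constructed sample.
unexpected_a11y_services "$SAMPLE"
```

Any component this prints holds the same screen-reading privilege the report describes and should be traced back to the app that registered it.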
Cerberus now also features a remote access Trojan (RAT) based on TeamViewer. The Trojan can download the content of the device and run TeamViewer, allowing the operator full remote access to the device.
This new RAT module can be used by Cerberus operators to manage applications on infected Android devices, change device settings and use any installed apps as if they owned the device.
In addition, an attacker can use this malware to remotely unlock infected Android devices to commit fraud when the victim is not using the device.
At the time of the report's release, ThreatFabric had not seen these new malware capabilities being advertised on hacker forums or on the YouTube channels where Cerberus was sold. This indicates that the upgraded malware is still in beta, although researchers think it “may be released soon.”
According to Technology