Google Authenticator can’t keep your 2FA codes safe from this malware

The banking trojan Cerberus is currently testing a version that can steal 2FA codes from Google Authenticator.

google-account-two-factor-hero-joe-pixel

What you need to know

  • Dutch research firm ThreatFabric has discovered malware that can steal two-factor authentication codes from Google Authenticator.
  • Cerberus is the name of the banking trojan, but the strain that can steal 2FA codes is currently in testing and not yet available.
  • In general, it is more secure to use an app to generate 2FA codes such as Google Authenticator instead of using SMS.

Two-factor authentication or 2FA is a commonly used system to help protect your online accounts. It requires a user to enter an additional code when logging in, which is usually sent through SMS or generated with an app. In general, it is best to use an app to generate the code, such as Google Authenticator, instead of allowing it to be sent over the network to your phone where you run the risk of it being intercepted.

Unfortunately, security researchers from ThreatFabric recently discovered a strain of the Cerberus banking trojan, which can steal 2FA codes from Google Authenticator.

Abusing the Accessibility privileges, the Trojan can now also steal 2FA codes from Google Authenticator application.

When the [Authenticator] app is running, the Trojan can get the content of the interface and can send it to the [command-and-control] server.

In the report, the Dutch mobile security firm said, “We believe that this variant of Cerberus is still in the test phase but might be released soon.”

While Cerberus is primarily a banking trojan, the researches note that it now includes many features found in traditional remote access trojans. This would allow users with Cerberus to remotely access your phone and access your bank account, including stealing the 2FA code if needed. It would also allow the attacker to access any other accounts you have enabled two-factor authentication on, such as your email, social media, shopping sites, and more.

Fortunately, for the time being, the Cerberus variant with 2FA stealing capabilities appears to still be in testing, and not out in the wild. Hopefully, by the time it has launched, Google will have found a way to prevent it from accessing two-factor authentication codes.

Two-factor authentication: Everything you need to know

Related posts

Latest posts

Microsoft is axing support for its own apps on Windows 10

Although Microsoft is allowing people to keep using Windows 10 for another year, it won't be supporting Microsoft 365 apps during that time.

Google is about to give its Gemini AI a transfusion of accurate news

Google announced Wednesday that its Gemini AI is coming to enterprise subscribers and that real-time AP news is coming to Gemini chats.

Future Samsung phones may get a wireless charging upgrade we’ve waited years for

Samsung may upgrade their future phones with a wireless charging chip that allows them to receive charging speeds of 50W. That's significantly faster than we're getting with our current phones.

The Astropad Bookcase turns your iPhone into an e-reader

This case gives you a pseudo e-reader experience for your iPhone or Android phone, if that's something you've been searching for.

Samsung teases big next steps for Galaxy AI’s ‘multimodal’ Sketch to Image

Samsung teased what's next for its Sketch to Image feature for S Pen-capable devices.

The Galaxy S25 series cases leak as a retailer slips up in an early listing

The cases for the Galaxy S25 series were spotted in an early retail listing.

Samsung reboots its trade-in program for Galaxy phones, and this one detail is an absolute game-changer

Samsung has transformed its trade-in program so you no longer need to make a purchase to receive loads of money

A major Galaxy S25 Slim render leak might be your best look at its thinness

A host of Galaxy S25 Slim have supposedly been leaked.

Google Home Public Preview snags CO alarm and expanded smart lock support

Google detailed what's next for its Public Preview testers in the Home app.

The latest Galaxy S25 leak gives us a glimpse of a new One UI 7 feature in action

Samsung's S25 leaks are coming in hot as we are exactly one week away from the Unpacked event set for