UNITED STATES (OBSERVATORY NEWS) — Experts from the cyber defense company Threat Fabric have announced the spread of a new version of the banking Trojan Cerberus. The malware, the experts warned, has learned to steal one-time passwords generated by the Google Authenticator Android application.
Google launched Authenticator in 2010. The utility is used to protect accounts with two-factor authentication. The application generates a unique, one-time 2FA code 6-8 digits long, which must be entered along with the username and password when signing in to the account.
Authenticator is believed to be more reliable than SMS codes, which can be intercepted. The program does not require an Internet connection or a cellular network: 2FA codes are generated locally, right on the device, and are not transmitted anywhere, writes ZDNet.
However, Threat Fabric found that fresh samples of Cerberus, a relatively new Trojan first seen last June, are able to steal codes generated by Authenticator. Using access to functions designed for people with disabilities, the malware can record the contents of the screen and send them to a server controlled by intruders.
With a one-time code, cybercriminals can freely log in to the victim's online bank and steal money. Other accounts with 2FA protection, including mailboxes and social networks, are also at risk of being hacked.
The Trojan’s ability to intercept Authenticator codes is still being tested. Nevertheless, according to Threat Fabric, the new feature is being actively advertised on hacker forums and may be launched soon.
This article is written and prepared by our foreign editors writing for OBSERVATORY NEWS from different countries around the world – material edited and published by OBSERVATORY staff in our newsroom.