It steals Google Authenticator codes, as well as PINs and pattern keys.
The Dutch company ThreatFabric, specializing in mobile security, spoke about a new malware threatening Android-based mobile devices.
The new version of the banking Trojan Cerberus is able to steal one-time codes generated by the Google Authenticator two-step authentication application. This application is one of the most popular for protecting accounts with two-step authentication.
Google launched Authenticator in 2010 as an alternative to sending SMS codes. Since such codes are generated on the user’s smartphone and are not transmitted over insecure networks, this method of protection is considered more reliable than SMS codes.
In addition to circumventing Google Authenticator, there is no problem for the Trojan to bypass the PIN code or unlock pattern.
The report notes that when Google Authenticator is running, the trojan can receive secret content and send it to its server.
According to experts, such a variation of Cerberus appeared in January 2020 and is not yet widespread and, apparently, is still in the testing phase. Such a trojan poses a serious threat to online banking services.