- Tram Ho
Launched by Google in 2010, the Google Authenticator mobile app is widely used as a two-factor authentication tool for online accounts. Recently, however, security researchers reported that a strain of Android malware can now extract and steal the OTP codes generated by this application.
As an alternative to receiving OTP codes via SMS, Google Authenticator generates a random 6- to 8-digit code directly in the app each time the user needs to log in to an online account. This keeps the OTP codes safe from the interception and copying that SMS delivery is exposed to.
But in a newly released report, security researchers from the Dutch mobile security firm ThreatFabric said they had discovered malware capable of stealing Google Authenticator’s OTP codes. The capability was found in a version of Cerberus, a relatively new Android trojan aimed at stealing banking app credentials.
According to ThreatFabric: “Abusing the Accessibility privileges, this trojan can steal the two-factor authentication codes of the Google Authenticator application. When the application (Authenticator) runs, the trojan can read the content on the application’s screen and send it to the malware’s server.”
However, ThreatFabric also reassured users that this feature is not present in the versions of Cerberus currently being advertised, which are typically sold on hacking tool forums. “We believe this version of Cerberus is still in beta, but will be released in the near future.”
Even the versions of Cerberus that only steal banking app login information are already very dangerous, as they allow attackers to remotely access the user’s device. Combined with the ability to steal OTP codes from Google Authenticator, the risk is doubled.
Together, these features allow an attacker to remotely access an infected device and use the harvested credentials to gain access to an online bank account. Then, using the OTP codes stolen from the Google Authenticator application, the attacker can bypass two-step verification on the account and perform malicious actions without the user’s knowledge.
Beyond banking, attackers can also exploit this capability to access other types of online accounts, such as email, social networks, or even an organization’s internal networks.
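Because the attack described above depends on a malicious app being granted Accessibility access, the defender-side check is to audit which accessibility services are enabled on a device. The following is an added example, not code from the article or from ThreatFabric: it parses the value of the Android `enabled_accessibility_services` secure setting (as returned by `adb shell settings get secure enabled_accessibility_services`) and flags services whose package is not on an allowlist. The sample setting string and the allowlist are constructed for the example.

```python
"""Audit enabled Android accessibility services against an allowlist (added example)."""
from dataclasses import dataclass

# Constructed sample of the colon-separated setting value: a well-known screen
# reader plus a service from a package name invented for this example.
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService"
    ":com.example.fakeflash/.OverlayService"
)

# Packages that legitimately need accessibility access (assumed for this example).
ALLOWED_PACKAGES = {"com.google.android.marvin.talkback"}


@dataclass(frozen=True)
class AccessibilityService:
    package: str
    service_class: str


def parse_enabled_services(setting_value: str) -> list[AccessibilityService]:
    """Split the flattened ComponentName list into (package, class) pairs.

    Android flattens a component as ``pkg/cls`` and abbreviates ``cls`` to
    ``.Cls`` when the class lives inside ``pkg``; both forms are expanded here.
    An empty setting (no services enabled) yields an empty list.
    """
    services = []
    for entry in filter(None, setting_value.split(":")):
        pkg, _, cls = entry.partition("/")
        if cls.startswith("."):
            cls = pkg + cls
        services.append(AccessibilityService(pkg, cls))
    return services


def unexpected_services(setting_value: str, allowed: set[str]) -> list[AccessibilityService]:
    """Return the enabled services whose package is not on the allowlist."""
    return [s for s in parse_enabled_services(setting_value) if s.package not in allowed]


if __name__ == "__main__":
    for svc in unexpected_services(SAMPLE_SETTING, ALLOWED_PACKAGES):
        print(f"UNEXPECTED accessibility service: {svc.package}/{svc.service_class}")
```

Any service reported here that the user did not knowingly enable is a candidate for removal, since it can read everything displayed on screen, including Authenticator codes.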
Reference: ZDNet
Source: Genk