Google Could Have Fixed 2FA Code-Stealing Flaw in Authenticator App Years Ago

An anonymous reader shares a report: Last month, a cybersecurity firm discovered the first-ever Android malware that came with the capability to steal the 2FA (two-factor authentication) codes generated by the Google Authenticator app. The malware, discovered by researchers from ThreatFabric, was named Cerberus, and its 2FA OTP code-stealing feature was still under development and had yet to be detected in a real-world attack. According to the researchers, the malware was a hybrid between a banking trojan and a remote access trojan (RAT).

Once an Android user was infected, the hacker would use the malware's banking trojan features to steal credentials for mobile banking apps. If an account was protected by 2FA, specifically by the Google Authenticator app, the malware was designed to let the Cerberus gang connect to the user's device manually via its RAT features. The hackers would then open the Authenticator app, generate one-time passcodes, take a screenshot of the codes, and use them to access the user's account. […] Nightwatch researchers said that Google could have fixed this issue as early as October 2014, when the misconfiguration was first brought to its attention by someone on GitHub.
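The report above does not name the misconfiguration. The attack it describes works by capturing the screen while codes are displayed, and the standard Android control for that is the window-level FLAG_SECURE attribute, which makes the system refuse screenshots, screen recording and mirroring to non-secure displays for that window. The snippet below is an added illustration of how an app showing one-time codes would apply it; it is not code from Google Authenticator or from the article, and the activity name and layout resource are placeholders.

```java
import android.app.Activity;
import android.os.Bundle;
import android.view.Window;
import android.view.WindowManager;

// Hypothetical screen that renders OTP codes (illustrative, not Google Authenticator's code).
public class OtpDisplayActivity extends Activity {
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        // Mark the window secure BEFORE any content is drawn. With this flag set,
        // the OS blocks screenshots and screen recording of this activity, so a
        // remote-control tool on the device cannot grab the codes as pixels.
        getWindow().setFlags(WindowManager.LayoutParams.FLAG_SECURE,
                             WindowManager.LayoutParams.FLAG_SECURE);
        setContentView(R.layout.activity_otp_display); // assumed layout resource
    }

    // Helper for tests or debug builds: verify the flag is actually present on a window.
    static boolean isWindowSecure(Window window) {
        return (window.getAttributes().flags & WindowManager.LayoutParams.FLAG_SECURE) != 0;
    }
}
```

Two caveats a reviewer would raise: the flag must be set on every window that can show a code (dialogs included, since each has its own Window), and it only defeats pixel capture; it does not stop a malicious accessibility service from reading the code text out of the view hierarchy, so it is one layer, not a complete defence.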