Advanced malware for Android can steal PINs, patterns and 2FA codes for Google Authenticator

Cybersecurity shouldn’t be taken lightly, especially with all the personal information we have on our devices. Two-factor authentication (2FA) is a great way to keep your accounts safe but it seems criminals have found a way around that method as well.

Around might not be the right word, actually. A new report from the security consulting firm ThreatFabric (via ZDNet) reveals some concerning developments in the shady world of malware.

Most notable of which is the upgrade that the Cerberus banking Trojan has received from its creators. The malware now has RAT (Remote Access Trojan) capabilities which unlock a set of “features” for those that opt to use it.

RAT can be used by hackers to record user’s unlock credentials, whether that’s a PIN or a swipe pattern. But that’s not all, now even Google Authenticator’s 2FA codes can be snagged by the malware. Google Authenticator is a popular tool that allows users to easily add an extra security layer.

With all that in their hands, the attackers have full access to the victim’s phone and from there they can get anything they want. Usually, the goal is to get into the person’s online banking and transfer funds to their own accounts.

According to the report, the Trojan can even set up a TeamViewer link so that the hackers can comfortably operate the victim’s phone when it’s not being used. That means text messages, social media accounts and photos are all exposed as well.

ThreadFabric thinks this advanced Trojan is still under development as “no advertisement for these features has yet been made in underground forums”  but it will likely be ready soon and up for grabs by criminals around the world.

Of course, knowing malware can do all that is the first step to preventing successful attacks. We’re sure measures are already being taken by Android and app developers. That’s why you should never skip installing security updates!