Experts found a new version of the Cerberus Android banking trojan that can steal one-time codes generated by the Google Authenticator app and bypass 2FA.
Security researchers from ThreatFabric warn of a new Android malware strain can now steal one-time
The malware-as-a-service Cerberus has emerged in the threat landscape in August 2019
According to researchers at Threat Fabric who first analyzed the malicious code, Cerberus implements features similar to other Android RAT, it allows operators to full control over infected devices.
The malware implements banking Trojan capabilities such as the use of overlay attacks, the ability to intercept SMS messages and access to the contact list.
- taking screenshots
- recording audio
- recording keylogs
- sending, receiving, and deleting SMSes,
- stealing contact lists
- forwarding calls
- collecting device information
- Tracking device location
- stealing account credentials,
- disabling Play Protect
- downloading additional apps and payloads
- removing apps from the infected device
- pushing notifications
- locking device’s screen
The author of this malware is very active on Twitter and mocks security firms claiming to have avoided the detection for at least two years.
Now the authors implemented the ability to steal 2FA code from the Google Authenticator app abusing the Accessibility Privileges.
“Abusing the Accessibility privileges, the Trojan can now also steal 2FA codes from
Until now, experts have yet to find advertisements for these features in underground forums, a circumstance that suggests that this variant of Cerberus is still in the test phase.
The
[adrotate banner=”9″] | [adrotate banner=”12″] |
(
[adrotate banner=”5″]
[adrotate banner=”13″]