Two factor authentication via on-phone authenticators expected to be compromised

If you use two factor authentication one time passwords, such as those generated by the Google Authenticator app (among others,) a new strain of of the Cerberus banking trojan has you targeted.

The new version being sold on the dark web allows for stealing of PIN and lock patterns, abusing the Accessibility privileges to launch and grab Authenticator one time pass codes.

But really on further inspection, it allows someone to take over your device so whatever you can do on your unlocked phone they can do. Whatever you see, they can see, so while Google Authenticator is explicitly listed in the ZDNet and threatfabric writeups, any authentication code generator on your phone is at risk.

Click that last link and scroll to Cerberus. It’s basically installing a remote control app and then whatever happens happens. Stealing 2FA OTP codes may not be what it’s used for, people might start drawing Captain Morgan mustaches on your photos, but probably not.

[ThreatFabric via ZDNet]
Pocketables does not accept targeted advertising, phony guest posts, paid reviews, etc. Help us keep this way with support on Patreon!

Paul E King

Paul King started with GoodAndEVO in 2011, which merged with Pocketables, and as of 2018 he's evidently the owner. He lives in Nashville, works at a film production company, is married with two kids. Facebook | Twitter | Donate | More posts by Paul | Subscribe to Paul's posts