2-step verification is the recommended way to protect your accounts, because it prevents someone from accessing the code needed to be sent via SMS or that we get to use apps like Google Authenticator. This route is presented as the safest and millions of users on Android are using it. Unfortunately, you can get confused.
Investigators at Threatfabric discovered new malware. This is a new malware, which seems like a new variant of Cerverus Trojan has ability to access 2FA codes in Google Authenticator
Google Authenticator: what it is, how it is configured and how it is used
Do you want to use 2-step verification for your accounts? Find out how to use Google Authenticator on your Android phone.
New malware
To access Google Authenticator 2FA codes, this malware uses permissions access. When an app is running, Trojan has access to the interface content, so that it can recognize and send these codes to the server. It follows that it is used in this way to skip authentication services.
This new threat is not exacerbating, as stated in the Threatfabric report, which leads us to believe that it is still being tested. But it can be imagined a threat when using your bank system, a threat similar to the one we saw a few months ago. In addition to being a threat to any account with 2-step verification and Google Authenticator is used to obtain access codes.
These are the types of 2-step verification requests They are considered safe, because it is easy to break the code sent by SMS. Although these threats suggest that these types of applications may also be prone to security breaches at some point.
Google must act quickly, to improve security in Google Authenticator and Android in general, as it can affect other 2FA code applications, to protect users from victims of this malware. So far, no cases have been reported, but it is worth noting that this potential threat is widespread.
