The Latest Version of Cerberus Android Banking Malware Can Hack Accounts Protected by Two-Factor Authentication (2FA)

Mobile malware is constantly evolving and getting more sophisticated. The new version of the mobile trojan Cerberus proves this. It can now bypass security measures provided by two-factor authentication (2FA) apps, such as Google Authenticator.

By Anna Dvořáková. Published in Wultra Blog, Mar 24, 2020.


Cerberus, a remote access trojan, was first detected in June 2019. Once installed on the victim’s device, it abuses several well-known Android permissions to conduct overlay attacks or intercept authentication codes sent via SMS message.

The “new and improved” version of Cerberus goes one step further. It uses the Android accessibility services to steal one-time passcodes generated by Google Authenticator and similar authenticator apps. Once the attacker gains control of the user’s device, the OTP generated through an authenticator app can be stolen for any of the user’s accounts, such as email inboxes, intranet or social media services. As a result, Cerberus poses a severe threat to banking applications, as well as to other online services protected by software-based two-factor authentication.
