Security researchers found that even the Google Authenticator app isn't reliable for secure logins. ThreatFabric researchers found malware that's capable of stealing 2FA codes from the Google Authenticator app, startling the MFA community. Nightwatch researchers later confirmed this: Google didn't set an option that would prevent the app's screen from being captured in a screenshot.
Alas, not even 2FA is secure now
New research by ThreatFabric reveals a new Android malware called Cerberus, which can steal 2FA codes from the Google Authenticator app! This wasn't cleverness on Cerberus's part, though, but mere stupidity on Google's, we can say.
Google has long failed to put a simple piece of code in one of its highly sensitive apps. Google Authenticator lets any third-party app capture a screenshot of it, so the content can be copied and stolen by anyone. Cerberus is just one such app, found to be a hybrid of banking malware and a general Remote Access Trojan (RAT).
Once the phone has been infected somehow, attackers can navigate to the Google Authenticator app and use Cerberus to manually trigger a screenshot, copying the passcode shown on screen. These codes let them gain access to any sensitive services the victim uses. Though this malware is still under development, it has the potential to victimize many in a short span of time.
Google's mistake!
Deeper analysis of this incident by Nightwatch revealed that Google's Authenticator app is missing a key feature, which is what lets this happen. Screenshot capture by third-party apps could have been stopped if Google had set the FLAG_SECURE option in the app's configuration. But it didn't!
This flaw was first surfaced by a user on GitHub and later pointed out by researchers too. Yet there has been no response from Google in fixing it! After finding this vulnerability, a few researchers even suggested moving from Google Authenticator to other 2FA apps!
Via: ZDNet