Google Authenticator App Codes Can Be Stolen by Android Malware Cerberus: ThreatFabric

Google has not issued a statements over the reports however, the tech giant might be working on an update.

Advertisement
By Abhik Sengupta | Updated: 27 February 2020 18:58 IST
Highlights
  • The particular malware is likely to be not live yet
  • It possesses the capability of accessing bank details
  • Google is yet to issue a response

Google authenticator app is at the potential risk of breach, report claims

Security analysts claim that a relatively new Android malware can now extract one-time passwords (OTP) generated by Google's authenticator app. The Google Authenticator app was launched in 2010 as an alternative to SMS-based one-time passcodes, and is used for two-factor authentication (2FA) for various Google apps and services such as Gmail and YouTube. Google has not released any statements in response to the claims made by the analysts in the report.

According to ThreatFabric, the team has found an Google Authenticator OTP-stealing capability in recent samples of Cerberus, the Android banking malware that first emerged in June 2019. However, it was also pointed out that the malware is likely to be not live as no advertisements were made in underground forums.

"We believe that this variant of Cerberus is still in the test phase but might be released soon. Having an exhaustive target list including institutions from all over the world, Cerberus is a critical risk for financials offering online banking services," analysts said.

Advertisement

Despite this, the note also pointed out that Cerberus should not be taken lightly, as it includes the capabilities of remote access trojans (RATs), an advance class of malware. This malware can even pose serious threats to online banking services.

Advertisement

To use Google Authenticator, a user is required to download the app from the respective app store of the device. Instead of receiving a text message from the operator as typically seen in 2FA, the app displays six to eight-digits-long unique codes that users must enter while trying logging into an account. Find all the relevant information about the Authenticator app here.

As pointed out in the beginning, Google has not issued statements over the concerns. However, the Alphabet-owned tech giant might likely be working on updates regarding its authenticator app as no cases of breach of this nature were earlier reported. We've reached out to Google for a statement, and will update this space if we hear back.

 
Post your comments

Catch the latest from the Consumer Electronics Show on Gadgets 360, at our CES 2026 hub.

Further reading: Google Authenticator, Authenticating Apps, Authenticator Apps, Google, Two Factor Authentication, Two Factor Verification, 2FA, Cerberus
Nubia Red Magic 5G Will Have an Exciting Colour Combination, TENAA Listing Tips
Sonic the Hedgehog Movie Review: Trying to Be Deadpool for Kids, but Missing Sonic’s Appeal
Advertisement

Related Stories

Android Phones Susceptible to ‘Pixnapping’ Attack That Steals 2FA Codes, Messages and More, Researchers Say
14 October 2025
Gmail to Replace SMS Authentication With QR Codes for Two-Factor Authentication
25 February 2025
Google Begins Rolling Out Passkeys, as a More Secure Way to Sign Into Apps and Websites
4 May 2023
Google Authenticator Finally Adds Support for Syncing OTPs With Google Accounts: How it Works
25 April 2023
Google Authenticator Removes Click to Reveal PIN Feature With Latest Update
18 July 2022
Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Here's How Much the Vivo V70 Series Could Cost in India
  2. Motorola Edge 70 Fusion Hits Geekbench With This Snapdragon Chipset
#Latest Stories
  1. Young Sherlock Now Set for OTT Release on OTT: What You Need to Know About Guy Ritchie’s Mystery Thriller
  2. NASA’s Miner++ AI Brings Machine Digs Into TESS Archive to the Hunt for Nearby Earth-Like Worlds
  3. iQOO 15 Ultra Confirmed to Feature Touch-based Shoulder Triggers With Haptic Feedback
  4. Invincible Season 4 OTT Release: When and Where to Watch the Highly Anticipated Viltrumite War Online?
  5. iPhone Shipments in India Rise to 14 Million Units in 2025 as Apple Sees Record Year: Report
  6. Oppo Find N6 Listed on TDRA Website, Hinting at Imminent Launch in the UAE
  7. NASA’s JWST Uncovers a ‘Feeding Frenzy’ That Births Supermassive Black Holes
  8. NASA Confirms Historic Artifacts Will Fly on Artemis II Moon Mission
  9. Hubble Reveals How Blue Straggler Stars Stay Young in Ancient Clusters
  10. NASA Tests New Wing Design That Could Transform Airliner Efficiency
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.