Google Authenticator App Codes Can Be Stolen by Android Malware Cerberus: ThreatFabric

Google has not issued a statements over the reports however, the tech giant might be working on an update.

Advertisement
By Abhik Sengupta | Updated: 27 February 2020 18:58 IST
Highlights
  • The particular malware is likely to be not live yet
  • It possesses the capability of accessing bank details
  • Google is yet to issue a response

Google authenticator app is at the potential risk of breach, report claims

Security analysts claim that a relatively new Android malware can now extract one-time passwords (OTP) generated by Google's authenticator app. The Google Authenticator app was launched in 2010 as an alternative to SMS-based one-time passcodes, and is used for two-factor authentication (2FA) for various Google apps and services such as Gmail and YouTube. Google has not released any statements in response to the claims made by the analysts in the report.

According to ThreatFabric, the team has found an Google Authenticator OTP-stealing capability in recent samples of Cerberus, the Android banking malware that first emerged in June 2019. However, it was also pointed out that the malware is likely to be not live as no advertisements were made in underground forums.

"We believe that this variant of Cerberus is still in the test phase but might be released soon. Having an exhaustive target list including institutions from all over the world, Cerberus is a critical risk for financials offering online banking services," analysts said.

Advertisement

Despite this, the note also pointed out that Cerberus should not be taken lightly, as it includes the capabilities of remote access trojans (RATs), an advance class of malware. This malware can even pose serious threats to online banking services.

Advertisement

To use Google Authenticator, a user is required to download the app from the respective app store of the device. Instead of receiving a text message from the operator as typically seen in 2FA, the app displays six to eight-digits-long unique codes that users must enter while trying logging into an account. Find all the relevant information about the Authenticator app here.

As pointed out in the beginning, Google has not issued statements over the concerns. However, the Alphabet-owned tech giant might likely be working on updates regarding its authenticator app as no cases of breach of this nature were earlier reported. We've reached out to Google for a statement, and will update this space if we hear back.

 
Post your comments

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: Google Authenticator, Authenticating Apps, Authenticator Apps, Google, Two Factor Authentication, Two Factor Verification, 2FA, Cerberus
Nubia Red Magic 5G Will Have an Exciting Colour Combination, TENAA Listing Tips
Sonic the Hedgehog Movie Review: Trying to Be Deadpool for Kids, but Missing Sonic’s Appeal
Advertisement

Related Stories

Android Phones Susceptible to ‘Pixnapping’ Attack That Steals 2FA Codes, Messages and More, Researchers Say
14 October 2025
Gmail to Replace SMS Authentication With QR Codes for Two-Factor Authentication
25 February 2025
Google Begins Rolling Out Passkeys, as a More Secure Way to Sign Into Apps and Websites
4 May 2023
Google Authenticator Finally Adds Support for Syncing OTPs With Google Accounts: How it Works
25 April 2023
Google Authenticator Removes Click to Reveal PIN Feature With Latest Update
18 July 2022
Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Vivo X300 Series Launching Today: Everything You Need to Know
  2. Nothing Phone 3a Lite Launched With Glyph Light At This Price
  3. Amazon Fire TV Stick 4K Select Launched in India With Vega OS
  4. Instagram Lets Some Users 'Tune' Their Reels Algorithm
  5. Grammarly Rebrands to Superhuman, Introduces New Agentic AI Assistant
  6. iQOO 15 Colourways, Key Features Teased Ahead of Launch in India
  7. Samsung Wallet Adds Digital Car Key Support in India: 5 Things to Know
  8. Moto G67 Power 5G India Launch Date, Key Features Announced
  9. Microsoft Azure Outage: What Caused the Issue, How It Was Resolved
  10. Vivo X300 Series Price, Key Features Leaked Ahead of Global Launch
#Latest Stories
  1. PS Plus Monthly Games for November Include Stray, EA Sports WRC 24 and Totally Accurate Battle Simulator
  2. Vivo S50 Pro Mini Key Specifications Tipped Ahead of China Launch; Could Debut Globally as Vivo X300 FE
  3. Google Confirms Gemini 3 AI Model Release Timeline: Tipped to Offer Improved Reasoning
  4. Grammarly Rebrands to Superhuman, Introduces New Agentic AI Assistant
  5. Microsoft Azure Services Restored After Global Outage: What Caused the Issue, How It Was Resolved
  6. Microsoft CEO Satya Nadella Will Reportedly Visit India in December; Could Address Two AI Conferences
  7. Gemini for Home Voice Assistant Early Access Rollout Begins: Check Compatible Speakers, Displays
  8. Instagram Tests New Feature That Lets Users Customise Their Reels Algorithm
  9. Realme C85 Pro Hands-On Images Reportedly Reveal Design, Colour Options Ahead of Launch
  10. Vivo X300 Series Launching Today: Know Price, Features and Specifications
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.