
Flaw That Allows a Malware to Steal 2FA Codes from Google Authenticator Could Have Been Fixed Long Back

The issue with Google Authenticator allowing screenshots was flagged way back in 2014.


Google Authenticator was launched in 2010, as a safer alternative to sending OTPs over SMS

  • Cerberus malware takes screenshots of Google Authenticator using a RAT
  • Screenshots can be blocked by setting the simple FLAG_SECURE window flag
  • The issue was first flagged to Google in 2014

Last month, Dutch cyber-security firm ThreatFabric discovered the first-ever malware that could hack the Google Authenticator application to extract one-time passcodes from a user's device by taking a screenshot of the user's screen while Google Authenticator is open. The malware, named Cerberus, was under development when it was found, and the ThreatFabric report did not find any real-world attacks using the malware. Now, new research has looked into the malware's ability to access the content on a user's screen. It says that this can be easily prevented by setting FLAG_SECURE, a simple window flag that prevents any attacker from gaining access to the user's screen content.

The new research from Night Watch Cybersecurity says that many Android applications with higher security requirements also use the FLAG_SECURE flag. Night Watch Cybersecurity also filed a bug report with Google, which then filed an internal bug. They say that Google has not said whether the bug has been fixed, and that their internal tests reveal that the bug is still present, so attackers can still take a screenshot of Authenticator on a victim's phone.

The report says that a GitHub user had flagged the issue way back in 2014. Night Watch Cybersecurity also says that they themselves flagged the issue to Google's security team earlier in 2017 as well. However, all they got was a bounty response the next day. The report also said that Microsoft Authenticator comes with the same flaw. Despite them blogging about it in 2018, the issue still remains in the Microsoft application.

The Cerberus malware is a new Android banking trojan that surfaced in 2019. It is a hybrid between a banking trojan and a remote access trojan that allows the attacker to generate OTPs on a victim's Google Authenticator app and take screenshots of the code using the Remote Access Trojan (RAT). It uses a simple technique of taking screenshots of the Authenticator app's interface, the ThreatFabric report had said last month.






© Copyright Red Pixels Ventures Limited 2022. All rights reserved.