Bitcoin Forum
Author Topic: A new virus is attacking Google 2FA app  (Read 340 times)
Saint-loup (OP)
February 28, 2020, 03:18:13 PM
Last edit: February 29, 2020, 03:11:50 PM by Saint-loup
Merited by vapourminer (2), mindrust (2), ABCbits (1), gentlemand (1), squatter (1)
 #1

It seems 2FA authentication is not totally safe anymore.

A new malware called Cerberus now targets Android-based smartphones by stealing passwords provided by the Google Authenticator app, a new cyber-security report by ThreatFabric states.

As reported by the research group, Cerberus can do something that very few other Trojans are able to – mess with the Google Authenticator app and steal its one-time codes which are often used to secure access to Bitcoin wallets or accounts on digital exchanges.

Until now, this Google app was believed to be the best protection, much more efficient than SMS-based security codes.

https://u.today/bitcoin-btc-wallets-may-be-in-danger-as-new-trojan-compromises-google-2fa
https://www.threatfabric.com/blogs/2020_year_of_the_rat.html

NeuroticFish
February 28, 2020, 03:36:36 PM
 #2

Although it's not perfect, Aegis can be a good alternative. There's quite a review here: https://bitcointalk.org/index.php?topic=5192978.0
I'm using it for some months now.

The difference is that Aegis keeps its data password protected and can be exported/imported too.

princerepon
February 28, 2020, 03:43:36 PM
 #3

I don't know how trustable your source is. That article has no strong point or source that can say it's believable news. So I'll take it as hype news until Google confirms it. But if this is happening then many users who use the Google 2FA app for their security are going to suffer. And I don't think there is any crypto-related person who doesn't use this app. According to the Google Play store, around 10M+ people use this app. So I hope we'll know more details about it in a very short time.
pakhitheboss
February 28, 2020, 03:51:18 PM
 #4

Quote
It seems 2FA authentication is not totally safe anymore.

A new malware called Cerberus now targets Android-based smartphones by stealing passwords provided by the Google Authenticator app, a new cyber-security report by ThreatFabric states.

As reported by the research group, Cerberus can do something that very few other Trojans are able to – mess with the Google Authenticator app and steal its one-time codes which are often used to secure access to Bitcoin wallets or accounts on digital exchanges.

Until now, this Google app was believed to be the best protection, much more efficient than SMS-based security codes.

https://u.today/bitcoin-btc-wallets-may-be-in-danger-as-new-trojan-compromises-google-2fa
https://www.threatfabric.com/blogs/2020_year_of_the_rat.html

If this is true, which I doubt, then users of Google Authenticator are no longer safe. I personally use it for all my crypto transactions.

I have heard a lot about Authy as an alternative to Google Authenticator but never tried it. It is better to wait for an official announcement from Google before coming to any conclusions.

Youghoor
February 28, 2020, 04:34:54 PM
 #5

OMG! This is serious. I thought Google authentication was one of the best ways of securing your crypto accounts and wallets but this does not seem to be the case anymore. Anyway, how does this actually get to spread? Does this malware spread through any network, or can these hackers send it through your mail, or can they probably embed it in any other Google app for users to download without their knowledge?
I believe if we can know how exactly this is spread we can avoid catching this malware in the first place.
fiulpro
February 28, 2020, 04:41:43 PM
 #6

But one should also understand:
How does a virus enter the mobile?

 * Clicking any unknown link
 * Going on any unknown website
 * Downloading something from a site you barely know about
 * Using things to download apps other than Google Play

Etc.

It's very basic: if you stay clear of all these things, you won't have any problem with this virus.

kryptqnick
February 28, 2020, 04:46:53 PM
 #7

Quote
It seems 2FA authentication is not totally safe anymore.

A new malware called Cerberus now targets Android-based smartphones by stealing passwords provided by the Google Authenticator app, a new cyber-security report by ThreatFabric states.

As reported by the research group, Cerberus can do something that very few other Trojans are able to – mess with the Google Authenticator app and steal its one-time codes which are often used to secure access to Bitcoin wallets or accounts on digital exchanges.

Until now, this Google app was believed to be the best protection, much more efficient than SMS-based security codes.

https://u.today/bitcoin-btc-wallets-may-be-in-danger-as-new-trojan-compromises-google-2fa
https://www.threatfabric.com/blogs/2020_year_of_the_rat.html

Apparently, it's not totally safe for a variety of reasons. Honestly, I thought that it was a great method to protect my funds, but these days I am starting to rethink it. This malware is one thing, but there's also the infamous SIM Swapping of which you've probably heard, and it also compromises the 2FA. I guess we can never be completely safe, every method has its risks. For instance, in the case of super safety from the outer world, there's a danger of losing the essential info to open a wallet which to me seems even more realistic than getting hacked, to be honest.

hatshepsut93
February 28, 2020, 05:07:05 PM
 #8

Since exchanges are already so centralized and do KYC, I think they should behave more like banks and add more security checks to users' operations. This is usually done via algorithmically assessing risks, and when needed, requesting additional input from the user (sending sms, email, delaying transactions, manual verification, etc.). Yes, this is ugly, and against the spirit of the crypto, but exchanges are already so far from how people imagined crypto will be used, so this measure will do more good than harm.

pawanjain
February 28, 2020, 05:10:00 PM
 #9

I was actually doubting the OP since I thought the news is fake but then I thought of searching it on google.
What an irony, searching about google on google, lol
Anyway, the top 3 results were

Android malware can steal Google Authenticator 2FA codes
Google Authenticator Is Vulnerable To Android Malware, Can Steal 2FA Codes
2FA apps like Google Authenticator reportedly vulnerable to malware snooping


Just enter in google search "google authenticator vulnerability" and look for yourself
I guess the news is actually true.

rdluffy
February 28, 2020, 05:17:39 PM
 #10

Wow, even this authenticator is suffering

I stopped using Google's 2fa because it's very risky if you lose your smartphone or android corrupts... now I use Authy, it's way better than Google's, and if you lose your device, you have a master password to recover, and you can use it on PC, Laptop, Smartphones...

dothebeats
February 28, 2020, 06:10:40 PM
 #11

Quote
Since exchanges are already so centralized and do KYC, I think they should behave more like banks and add more security checks to users operations. -snip

I agree. There should be some form of new checks that exchanges should do in the event of a new device signing in on the account. Such practice would potentially avert any hacks or account hijacking that would be done by the hackers, and is actually a good measure of imposing security on the user's accounts. I know that some exchanges are already doing this, and should do it even more so as to mitigate the damage done or at least lessen the affected users on the exploit.

Good thing my banks use SMS 2FA for a one-time passcode, though I think it's only a matter of time before hackers breach into that area of security, too.
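
The risk-based checks suggested in posts #8 and #11, sketched as an added example (it is not part of the thread and not any exchange's code). The signal names, weights and thresholds are assumptions made up for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum


class StepUp(IntEnum):
    """Extra checks named in the thread, least to most intrusive."""
    NONE = 0
    EMAIL_CONFIRM = 1   # confirmation link sent to the registered address
    DELAY = 2           # hold the withdrawal and notify the user
    MANUAL_REVIEW = 3   # staff verify the request out of band


@dataclass(frozen=True)
class Withdrawal:
    # Hypothetical signals. Password and OTP are assumed already verified,
    # so they carry no weight here.
    amount_usd: float
    typical_amount_usd: float             # usual size for this account
    known_device: bool                    # device seen on earlier logins
    known_address: bool                   # destination used before
    hours_since_credential_change: float  # last password or 2FA reset


def risk_signals(w):
    """Return (reason, weight) pairs; the weights are constructed."""
    signals = []
    if not w.known_device:
        signals.append(("new device", 3))
    if not w.known_address:
        signals.append(("new destination address", 2))
    if w.hours_since_credential_change < 24:
        signals.append(("password or 2FA changed in the last 24 h", 3))
    if w.amount_usd > 5 * w.typical_amount_usd:
        signals.append(("amount far above the account's usual", 2))
    return signals


def required_step_up(w):
    """Map the summed weights to the least intrusive sufficient check."""
    score = sum(weight for _, weight in risk_signals(w))
    if score >= 7:
        return StepUp.MANUAL_REVIEW
    if score >= 4:
        return StepUp.DELAY
    if score >= 2:
        return StepUp.EMAIL_CONFIRM
    return StepUp.NONE


# Constructed sample requests.
ROUTINE = Withdrawal(200, 250, True, True, 2000)
NEW_ADDRESS = Withdrawal(200, 250, True, False, 2000)
# Known device, but new address and unusual amount: a device check
# alone would pass this request.
KNOWN_DEVICE_LARGE = Withdrawal(9000, 250, True, False, 2000)
EVERYTHING_NEW = Withdrawal(9000, 250, False, False, 3)

if __name__ == "__main__":
    for name, w in [("routine", ROUTINE), ("new address", NEW_ADDRESS),
                    ("known device, large", KNOWN_DEVICE_LARGE),
                    ("everything new", EVERYTHING_NEW)]:
        reasons = [reason for reason, _ in risk_signals(w)]
        print(f"{name}: {required_step_up(w).name} {reasons}")
```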

serjent05
February 28, 2020, 06:29:43 PM
 #12

Quote
Good thing my banks use SMS 2FA for a one-time passcode, though I think it's only a matter of time before hackers breach into that area of security, too.

I think this is one of the best security ones that can do since it is hard for hackers to access both the 2fa and our mobile sim number to get the password for the account they intended to hack.  We can add another layer of protection by email verification code.

I wonder if the news about 2fa being compromised is true. I haven't heard any reaction from Google about this rumor; if it is true then Google would be fast enough to react to this and notify their users about the incident.

mindrust
February 28, 2020, 06:38:13 PM
 #13

It is times like these you feel good for using IOS instead of android. I am not saying IOS is completely superior but it being a closed box makes things harder for the hackers without a doubt.

hardware 2fa like this is probably better than both
https://www.yubico.com/

squatter
February 28, 2020, 06:51:28 PM
 #14

From the security researchers who disclosed the exploit:

Quote
In a report published this week, security researchers from Dutch mobile security firm ThreatFabric say they've spotted an Authenticator OTP-stealing capability in recent samples of Cerberus, a relatively new Android banking trojan that launched in June 2019.

ThreatFabric said this new feature is not yet live in the Cerberus version advertised and sold on hacking forums.

"We believe that this variant of Cerberus is still in the test phase but might be released soon," researchers said.

If this feature will work as intended and will ship with Cerberus, this will put the banking trojan in an elite category of malware strains.

Is the attack only effective against targets who are running Authenticator and inputting passwords on the same [Android] device? See here:

Quote
These RAT features allow Cerberus operators to remotely connect to an infected device, use the owner's banking credentials to access an online banking account, and then use the Authenticator OTP-stealing feature to bypass 2FA protections on the account -- if present.

If you isolate the device you use to access an exchange from the device providing OTP codes, you should be in the clear, right?

Saint-loup (OP)
February 28, 2020, 07:19:05 PM
 #15

Quote
Is the attack only effective against targets who are running Authenticator and inputting passwords on the same [Android] device? See here:

Quote
These RAT features allow Cerberus operators to remotely connect to an infected device, use the owner's banking credentials to access an online banking account, and then use the Authenticator OTP-stealing feature to bypass 2FA protections on the account -- if present.

If you isolate the device you use to access an exchange from the device providing OTP codes, you should be in the clear, right?

Yes of course, but I don't think many hackers would care about your OTP codes if they haven't stolen your password before.

20kevin20
February 28, 2020, 07:20:56 PM
 #16

Quote
It is times like these you feel good for using IOS instead of android. I am not saying IOS is completely superior but it being a closed box makes things harder for the hackers without a doubt.

hardware 2fa like this is probably better than both
https://www.yubico.com/

The closed-source nature of iOS makes everything worse imo. I'd rather go for an open source OS although it comes with vulnerabilities. In fact, nothing is 100% exploit-proof in the technology area as we've seen. There's always gonna be a little room for some exploit(s) to come in.
squatter
February 28, 2020, 07:39:00 PM
Merited by vapourminer (1)
 #17

Quote
Is the attack only effective against targets who are running Authenticator and inputting passwords on the same [Android] device? See here:

Quote
These RAT features allow Cerberus operators to remotely connect to an infected device, use the owner's banking credentials to access an online banking account, and then use the Authenticator OTP-stealing feature to bypass 2FA protections on the account -- if present.

If you isolate the device you use to access an exchange from the device providing OTP codes, you should be in the clear, right?
Yes of course, but I don't think many hackers would care about your OTP codes if they didn't steal your password before.

Nobody should be logging into their accounts and generating OTP codes from the same device. That would render your device a single point of failure, which defeats the purpose of 2FA. Doing so from an Android device -- which are known to be highly vulnerable -- increases the risks all the more.

Quote
Since exchanges are already so centralized and do KYC, I think they should behave more like banks and add more security checks to users operations. This is usually done via algorithmically assessing risks, and when needed, requesting additional input from the user (sending sms, email, delaying transactions, manual verification, etc.).

Password, 2FA, and email verification should be enough to authorize irreversible withdrawals. That's 3 different systems that need to be compromised. If users employed proper isolation, such a compromise would be incredibly unlikely.

People should take this opportunity to improve their 2FA protocol -- isolate your device usage. Also, stop using Androids for anything security sensitive at all.

dothebeats
February 28, 2020, 07:45:36 PM
 #18

Quote
It is times like these you feel good for using IOS instead of android. I am not saying IOS is completely superior but it being a closed box makes things harder for the hackers without a doubt.

Technically, iOS is one of the most superior mobile operating systems there is currently, and nothing can top the security that they are giving to their users atm. Though again, at some point in time, there will be vulnerabilities and exploits that will be found on the said operating system which would make it somewhat insecure. For the meantime, if the FBI and NSA can't do jack shit on the said operating system with their top dogs, how could other hackers fare?

Sometimes, limitations on what one can do to its device offer a better deal, too.

Quote
Good thing my banks use SMS 2FA for a one-time passcode, though I think it's only a matter of time before hackers breach into that area of security, too.

I think this is one of the best security ones that can do since it is hard for hackers to access both the 2fa and our mobile sim number to get the password for the account they intended to hack.  We can add another layer of protection by email verification code.

Not really, SMS 2FA is more prone to MITM attacks than any other 2FA methods out there, so it's really hard to bank hard on this type of 2FA, too. I forgot to mention that aside from an SMS 2FA my bank sends me, they would also ask for an email 2FA to make it even more secure. Hassle, yes, but we're talking about money in here so it's all fine by me.

Quote
If you isolate the device you use to access an exchange from the device providing OTP codes, you should be in the clear, right?

Based on what they reported, yes. In order for the said exploit to work, your device on the OTP codes must be the same on where you log in, otherwise account hijacking won't work.

FlightyPouch
February 28, 2020, 08:32:12 PM
 #19

No way. I have a lot of accounts with 2FA, almost all of my accounts have it. This is just alarming, never thought that it would be breached like that. Most of the sites offer this as a security, and if this is happening a lot of accounts will be hacked so easily since that is the first thing you will put when you log in. I will be removing mine now and renew my passwords.

2020VISION
February 28, 2020, 08:40:32 PM
 #20

lol this is something i've been saying for years, * 2fa password schemes are some bullshiT\_@@_/reeeee
