A new malware called Cerberus now targets Android-based smartphones by stealing passwords provided by the Google Authenticator app, a new cyber-security report by ThreatFabric states.
As reported by the research group, Cerberus can do something that very few other Trojans are able to – mess with the Google Authenticator app and steal its one-time codes which are often used to secure access to Bitcoin wallets or accounts on digital exchanges.
Until now, this Google app was believed to be the best protection, much more efficient than SMS-based security codes.
The ThreatFabric report says that the modern versions of this Trojan have been significantly improved and their functionalities are now close to those of remote access Trojans. The latter are believed to be a very powerful type of malware.
The researchers say that, so far, the upgraded Trojan has not been shared on hacker forums. However, this may well happen in the near future, they warn.