A recent report by ThreatFabric, a security firm, announced that two-factor authentication, also known as 2FA, has flaws and is not entirely secure. The one-time password verification provided by Google Authenticator is used as an additional security layer on platforms like Gmail, YouTube, Facebook, Discord, Apple ID, and others.
The report, ‘2020-Year of the RAT’, presents an in-depth analysis of RATs (remote access Trojans), which are predicted to be used often by threat actors. Cybercriminals can use RATs in combination with malware to gain complete remote access to a device.
According to the report, the Android banking Trojan Cerberus, when used along with RATs, can steal OTPs generated by Google Authenticator, since RATs can potentially download files from an infected device. Scarier still is the malware’s ability to set up TeamViewer on the device to gain complete remote access.
With this level of access, cybercriminals can use all the apps on the device and can also steal 2FA codes from Google Authenticator. Additionally, the report states that the Trojan can effectively circumvent OTP services: “When the app (Google Authenticator) is running, the Trojan can get the content of the interface and can send it to the C2 server.”
Google Authenticator is an app primarily used to connect with various Google services and platforms. Users can also use the app to create accounts on supported platforms for more secure operation, entering a 2FA code along with their password as part of the login routine.
The 2FA codes are six to eight digits long, unique, and change over time, just like an OTP. Users can also fall back on text authentication or backup codes if they don’t have access to the app.