New Android Malware Can Steal Google Authenticator 2FA Codes

Catalin Cimpanu, reporting for ZDNet’s Zero Day:

Security researchers say that an Android malware strain can now extract and steal one-time passcodes (OTP) generated through Google Authenticator, a mobile app that’s used as a two-factor authentication (2FA) layer for many online accounts.

Google launched the Authenticator mobile app in 2010. The app works by generating six to eight-digits-long unique codes that users must enter in login forms while trying to access online accounts.

Not good.

Thursday, 27 February 2020