Scary Android malware can steal your 2FA codes and swipe patterns

Android malware
(Image credit: Tom's Guide)

Android users, beware. A security consulting firm has identified a malware upgrade that can remotely access smartphones to steal unlock credentials and 2FA Google Authenticator codes.

The update report comes from Dutch mobile security firm ThreatFabric (via ZDNet) and details the alarming Remote Access Trojan (RAT) capabilities bestowed on the Cerberus banking Trojan that launched last summer. When enabled in a victim's phone, RAT features let Cerebrus operators record the user's unlock PIN, swipe pattern and even Google Authenticator's 2FA codes.

Google Authenticator is a useful tool that helps people add an extra layer of security to their important accounts, including those used for online banking. But according to ThreatFabric, Cerberus's new RAT powers would let attackers steal the 2FA code, access a victim's financial account and transfer funds to themselves.

Of course there's a plethora of information hackers could nab with Authenticator codes, but banking is Cerberus's usual target.

Because Google Authenticator codes are created and stored locally on phones, online accounts with 2FA layers from Authenticator are considered better protected than those that use one-time, SMS-based credentials.

But should Cerberus's RAT upgrade reach bad actors, Authenticator would be compromised. 

To some relief, ThreatFabric says the RAT feature is not active in version of Cerberus currently advertised and sold on hacking forums. However, researchers say it "might be released soon," meaning hackers could get their hands on the advanced malware.

Knowing that malware has these new capabilities likely means measures are already being taken by Android and app developers to bulk up software security. 

Although there's no action users can take now, make sure to always install security updates as soon as they become available. 

TOPICS
Kate Kozuch

Kate Kozuch is the managing editor of social and video at Tom’s Guide. She writes about smartwatches, TVs, audio devices, and some cooking appliances, too. Kate appears on Fox News to talk tech trends and runs the Tom's Guide TikTok account, which you should be following if you don't already. When she’s not filming tech videos, you can find her taking up a new sport, mastering the NYT Crossword or channeling her inner celebrity chef.

Latest in Malware & Adware
A person trying to set up a new Wi-Fi router
Thousands of TP-Link routers have been infected by a botnet to spread malware
A smartphone screen displaying the Android name and logo next to a sign reading 'MALWARE'.
Fake Google Play Store pages are spreading Trojan malware that can steal your financial data
Green skull on smartphone screen.
Over 1 million Android devices infected with password-stealing, pre-installed botnet malware — how to stay safe
Green skull on smartphone screen.
This Android banking trojan steals passwords to take over your accounts — and all it takes is a single text message
PayPal logo on iPhone
Watch out! Scammers are using this PayPal setting to take over your PC
A laptop displaying the Chrome logo
Don't click this — malicious ads impersonating Google Chrome spreading dangerous malware
Latest in News
iPhone 17 Air render
New leaked iPhone 17 dummy units show off super-thin iPhone 17 Air with this surprising design tweak
Simone Ashley and Hero Fiennes Tiffin in "Picture This" now streaming on Prime Video
Prime Video top 10 has 3 must-watch movies — including a bubbly romcom starring 'Bridgerton's' Simone Ashley
(L-R) Josh Hartnett as Cooper and Ariel Donoghue as Riley in "Trap"
Netflix top 10 movies — here’s the 3 worth watching right now
iOS 19 logo on an iPhone
Apple WWDC 2025: iOS 19 and everything we know so far
Siri
Siri 2.0 features reportedly only working ‘two-thirds to 80% of the time’
Jack Draper in action at Indian Wells 2025
How to watch Indian Wells men’s and women’s finals: live stream tennis online