September 27, 2023

Bitcoin wallets are at stake: hackers modified the trojan to intercept Google Authenticator passwords

ThreatFabric specialists recorded a modification of the Cerberus Trojan virus that intercepts one-time passwords from Google Authenticator apps.

According to the experts, the trojan, known since the summer of 2019, underwent a code base refactoring that gave it the ability to abuse Accessibility rights in Android. It can intercept the device's screen lock credentials and the contents of the application interface, sending them to the attacker's server.

“The RAT can view the file system of a device and download its contents. It is also able to launch TeamViewer and configure connections to it,” the report says.

This way hackers get unlimited access to the victim's device: they can change its settings and install or remove applications, but, first of all, they can use any software on the device, including banking applications, instant messengers and social networks, even those protected by two-factor authentication via Google Authenticator.

The new modification of the malware has not yet been widely advertised on hacker forums and, most likely, is still at the testing stage, but it may be released in the near future.

“An exhaustive list of Cerberus goals combined with the new feature, RAT, carries critical risks for financial applications offering online banking services. At the same time, the list of targeted applications can be expanded, including to cryptocurrency wallets,” the experts noted.

Kaspersky Lab’s cybersecurity experts confirmed in a ForkLog comment that hackers can easily increase the Trojan’s reach.

“In general, it is not difficult for attackers to reconfigure this malware to steal credentials from cryptocurrency wallets. To ensure security, crypto-wallet holders should use specialized Android security software on their gadgets,” said Kaspersky Lab antivirus expert Viktor Chebyshev.

In October 2019, the Geost banking virus was discovered, which infected more than 800 thousand Android devices of Russian users. According to preliminary data, attackers could control millions of rubles in the bank accounts of Russians.