Android malware can steal Google Authenticator 2FA codes

A new version of the ‘Cerberus’ Android banking trojan will be able to steal one-time codes generated by the Google Authenticator app and bypass 2FA-protected accounts. Security researchers say that an Android malware strain can now extract and steal one-time passcodes (OTP) generated through Google Authenticator, a mobile app that’s used as a two-factor authentication (2FA) layer for many online accounts.

Source: zdnet.com