Bitcoin Forum>Economy>Trading Discussion>Scam Accusations
Author

Topic: {Warning} New Malware is stealing your Google 2FA!! (Read 142 times)

darktor
jr. member
Activity: 51
Merit: 6
{Warning} New Malware is stealing your Google 2FA!!
March 16, 2021, 12:23:27 PM
#8
Quote from: TheBeardedBaby on March 15, 2021, 11:06:09 AM
There's a new version of the "Cerberus" Trojan horse for Andoid phone which is now able to steal your one-time codes from Google Auth. App.
Stay alert.

Quote
Security researchers say that an Android malware strain can now extract and steal one-time passcodes (OTP) generated through Google Authenticator, a mobile app that's used as a two-factor authentication (2FA) layer for many online accounts.

Some people already got hacked their exchange accounts: https://twitter.com/scottmelker/status/1371453355688656898
Don't store significant amount of money on Exchanges...

Source here: https://www.zdnet.com/article/android-malware-can-steal-google-authenticator-2fa-codes/

Thanks to the cryptocurrency now since the value to increase there are many more rich people who can develop more modern software over the old days welcome in the future   Grin . They are also for sale on an forum exploit Roll Eyes
ScamViruS
hero member
Activity: 1694
Merit: 719
Top Crypto Casino
Re: {Warning} New Malware is stealing your Google 2FA!!
March 16, 2021, 11:47:51 AM
#7
Quote from: ecnalubma on March 16, 2021, 10:05:34 AM
Hackers will always find a way to steal someone’s important credentials like passwords and its no surprise that they managed to steal some users 2FA codes since its most popular way to secure websites account. Not an android user anymore for three years but its still alarming and one day they might manage to exploit iOS devices most probably.

Sometimes scammers do not get access to the user's account even after getting other information including the user's password. Then they look for other ways to gather more information, including finding different ways to steal 2FA's information. This information is very sensitive for crypto users, so that their accounts are in danger.

The scammers continue their scam missions, they are not stopping their activities, so the crypto community should expose their activities.
ecnalubma
sr. member
Activity: 1526
Merit: 420
Re: {Warning} New Malware is stealing your Google 2FA!!
March 16, 2021, 10:05:34 AM
#6
Hackers will always find a way to steal someone’s important credentials like passwords and its no surprise that they managed to steal some users 2FA codes since its most popular way to secure websites account. Not an android user anymore for three years but its still alarming and one day they might manage to exploit iOS devices most probably.
vapourminer
legendary
Activity: 4298
Merit: 3505
what is this "brake pedal" you speak of?
Re: {Warning} New Malware is stealing your Google 2FA!!
March 16, 2021, 08:51:28 AM
#5
Quote from: TheBeardedBaby on March 15, 2021, 11:06:09 AM
There's a new version of the "Cerberus" Trojan horse for Andoid phone which is now able to steal your one-time codes from Google Auth. App.
Stay alert.

[...]

Source here: https://www.zdnet.com/article/android-malware-can-steal-google-authenticator-2fa-codes/


yubikeys ftw


you can also configure a trezor as a yubikey.

edit: a rooted phone is just asking for trouble. dunno if the affected phones were or not.
skarais
legendary
Activity: 2464
Merit: 2094
Re: {Warning} New Malware is stealing your Google 2FA!!
March 15, 2021, 02:56:18 PM
#4
A scenario that should be practiced based on other people's experience is to use GA on a device that is not connected to the internet. That will provide a good level of security because I know hackers won't be able to do anything as long as the device is not connected to the internet. But I'm sure not many people have done this so far.

Quote from: The Cryptovator on March 15, 2021, 01:50:14 PM
Really shocked. How peoples would save their funds where even Google 2FA could steal from the device? If using mobile phone verification then it's also could be stolen with the help of operator helps.
I know that some of us are people who do a lot of CTRL-C and CTRL-V when using code from GA. It reminded me of the @LoyceV thread of how someone loses bitcoin just because of the CTRL-C and CTRL-V for their bitcoin address. It must be user aware (Clipboard Hijacker Malware Monitors 2.3 Million Bitcoin Addresses). In addition, you should not store large amount of asset as a substitute to avoid thing that are not desirable.



bitmover
legendary
Activity: 2212
Merit: 5622
Non-custodial BTC Wallet
Re: {Warning} New Malware is stealing your Google 2FA!!
March 15, 2021, 02:55:05 PM
#3
Quote from: TheBeardedBaby on March 15, 2021, 11:06:09 AM
There's a new version of the "Cerberus" Trojan horse for Andoid phone which is now able to steal your one-time codes form Google Auth. App.
Stay alert.

Quote from: The Cryptovator on March 15, 2021, 01:50:14 PM
Anyway, we should use high reputed exchange where ask for multiple verifications. For example, Binance requires me 3 step verification during withdrawal, Google 2FA, mobile, and email verification.

As times goes new security protocolos shows up , just as new form of attacks.

The most secure method is still the old cold storage... note down the seed in a piece of paper, and keep it safe.

And the second most important thing: safe habits online. Don't download shit, don't watch porn, don't crack software, etc and you will have a much safer computer/internet experience.


For exchanges, even email + 2FA +password falls with this new attack. If the attacker has the 2FA in his phone, he can certainly get his hands on the email which is in the same phone as well.

Personally, there are so security problems in exhcnages that I leave only a few hundred bucks (at the most) in all of them. I think binance is the best basically in every aspect, but even so I wouldn't trust more than a few hundred dollars there.
The Cryptovator
legendary
Activity: 2226
Merit: 2169
Need PR/CMC & CG? TG @The_Cryptovator
Re: {Warning} New Malware is stealing your Google 2FA!!
March 15, 2021, 01:50:14 PM
#2
Really shocked. How peoples would save their funds where even Google 2FA could steal from the device? If using mobile phone verification then it's also could be stolen with the help of operator helps. It's time to think for something else from the end of Google. If continuously happen that then peoples will lose faith from  Google 2FA although that's no a mistake of Google.

Anyway, we should use high reputed exchange where ask for multiple verifications. For example, Binance requires me 3 step verification during withdrawal, Google 2FA, mobile, and email verification.
TheBeardedBaby
legendary
Activity: 2184
Merit: 3134
₿uy / $ell
Re: {Warning} New Malware is stealing your Google 2FA!!
March 15, 2021, 11:06:09 AM
#1
There's a new version of the "Cerberus" Trojan horse for Andoid phone which is now able to steal your one-time codes from Google Auth. App.
Stay alert.

Quote
Security researchers say that an Android malware strain can now extract and steal one-time passcodes (OTP) generated through Google Authenticator, a mobile app that's used as a two-factor authentication (2FA) layer for many online accounts.

Some people already got hacked their exchange accounts: https://twitter.com/scottmelker/status/1371453355688656898
Don't store significant amount of money on Exchanges...

Source here: https://www.zdnet.com/article/android-malware-can-steal-google-authenticator-2fa-codes/
Bitcoin Forum>Economy>Trading Discussion>Scam Accusations
Jump to: