Scary Android Malware Can Steal Your 2FA Code and Swipe Patterns


Android users, beware. A security consulting firm has identified a malware upgrade that can remotely access smartphones to steal unlock credentials and 2FA Google Authenticator codes.

The report from Dutch mobile security firm ThreatFabric (via ZDNet) details a surprising remote access Trojan (RAT) feature added to the banking Trojan "Cerberus," which appeared last summer. Once the RAT feature is enabled on the victim's phone, the Cerberus operator can record the user's unlock PIN, swipe pattern, and even the Google Authenticator 2FA code.

Google Authenticator is a useful tool that can help add additional security to online banking and other important accounts. However, according to ThreatFabric, the power of Cerberus' new RAT allows attackers to steal 2FA codes, access victims' financial accounts, and transfer funds to themselves.

Of course, there is a lot of information hackers can obtain using authenticator codes, but banking transactions are Cerberus' usual target.

Because Google Authenticator codes are created and stored locally on the phone, online accounts protected by an Authenticator 2FA layer are considered better protected than those using one-time SMS-based credentials.

However, the Authenticator is not a secure authentication method.

If the Cerberus RAT upgrade reaches a malicious actor, the Authenticator will be compromised. According to ThreatFabric, the RAT feature is not active in the version of Cerberus currently being advertised and sold on hacking forums. However, according to the researchers, it "may be released soon," meaning that hackers may have access to advanced malware.

The fact that malware has such a new feature likely means that Android and app developers have already taken steps to enhance software security.

There are no measures that users can take right now, but they should always install security updates as soon as they become available.
