A security consulting firm has warned of malware that can remotely access smartphones to steal phone unlock keys and two-factor authentication (2FA) codes from the Google Authenticator app.

The warning came in a report by the technology website ZDNet, quoting the Dutch mobile security company ThreatFabric, which detailed the worrisome capabilities of the remote access Trojan (RAT) software, an upgrade to Cerberus, malware that appeared last summer.

When activated on the victim's phone, the RAT features allow Cerberus operators to record the phone's unlock code, swipe pattern and even two-factor authentication (2FA) codes from the Google Authenticator app.

Google Authenticator is a useful tool that helps people add an extra layer of security to their important accounts, including those used for Internet banking. But according to ThreatFabric, the new RAT capabilities will allow attackers to steal the two-factor authentication code, access the victim's financial account and transfer the money to themselves.

Of course, there is a great deal of information that hackers can capture through authentication codes, but bank account numbers are the usual target for Cerberus malware operators.

Because Google Authenticator codes are generated and stored locally on the phone, online accounts protected by Google Authenticator 2FA are better protected than those that use one-time SMS-based authentication codes.

However, if Cerberus' RAT upgrade reaches bad actors, the authentication system for Google Authenticator will be compromised.

But the fact that these new capabilities are known likely means that Android and application developers have already taken the necessary steps to raise the level of software security.

Although there is no action that users can take now, it is always a good idea to make sure that security updates are installed as soon as they are available.