Amsterdam-based cybersecurity firm ThreatFabric says that Binance, Coinbase and other top cryptocurrency exchanges are being targeted by a recently updated Trojan virus.
According to the security report published earlier this week, ThreatFabric says the “Cerberus” Trojan virus is turning its attention towards cryptocurrency exchanges, including popular platforms such as Binance and Coinbase. The virus is capable of stealing 2-Factor Authentication (2FA) codes generated via the Google Authenticator app, which has become a primary means of user security for many email and exchange accounts.
Cerberus, which the report classifies as a Remote Access Trojan (RAT), was first identified in June 2019. The virus was subsequently updated in January 2020 with the ability to steal 2FA codes from Google Authenticator, in addition to the PIN codes used for device screen locks.
Once a device is infected, the virus is able to download the device’s contents and establish a remote connection, allowing a hacker full control over any application on the device.
The feature enabling theft of device’s screen lock credentials (PIN and lock pattern) is powered by a simple overlay that will require the victim to unlock the device. From the implementation of the RAT we can conclude that this screen-lock credential theft was built in order for the actors to be able to remotely unlock the device in order to perform fraud when the victim is not using the device.
The report continues,
This once more shows the creativity of criminals to build the right tools to be successful.