An Iran-based cyber attack group called Rampant Kitten managed to steal Google 2FA codes with a new malware they developed.
The software produced by the Rampant Kitten group mostly uses the Trojan model and is integrated into applications that seem harmless and takes place on users' devices. This malware can access both passwords, SMS inbox and 2FA codes. It can also record and decode the sound coming from the microphone.
So far, this malware has been seen in a utility application used to obtain a license in Sweden. It is estimated that cyber attackers have infiltrated many applications.
Experts recommend that you be careful when downloading applications and definitely check the permissions of the downloaded application. They also states that new studies should be done for additional security measures.
When using the 2FA security method used in almost all cryptocurrency exchanges and applications, we will need to consider the above warnings.