Researchers have found that an Android malware strain can steal one-time passcodes generated through Google Authenticator, ZDNet reports. Launched in 2010, the app is apparently used as a two-factor authentication layer for many online accounts. “Google launched Authenticator as an alternative to SMS-based one-time passcodes.”