Not all two-factor authentication systems, a.k.a. 2FA, are created equal and some, like SMS, are deemed insecure but still better than no 2FA at all. In lieu of ubiquitous biometrics, the easiest 2FA method recommended is the use of a 2FA app of which Google Authenticator is perhaps the most popular. But what if that 2FA app itself is discovered to be insecure? That's the rather worrying situation users may find themselves in thanks to a new but thankfully still unreleased malware.