A sneaky form of malware has picked up a new trick that can make it much easier to get into your bank account.

Remote Access Banking Trojans (known as RAT malware) sneak onto your phone by hiding in seemingly legitimate-looking apps. They sit dormant on your phone until you try to open your banking software, then they duplicate the log-in screen of your account with an overlay that looks exactly like the real thing. When you type in your username and password, the malware steals it.

One way to beat this type of malware is to enable two-factor authentication on any account. That means you need to answer an additional question, enter a code, respond to a text, approve with an authenticator app to log into your account.

But a new strain of RAT malware called Cereberus has found a way around that. It’s capable of stealing two-factor authentication codes from the Google Authenticator app on your phone.

What can you do?  As always be super-careful about what you put on your phone. Don’t download apps from anywhere but the app store and take a really good look at the apps you choose to download. Check their ratings and how many downloads there are. Also, don’t forget to install security software on your phone. But be very careful about it. Look for the big names because one place you’ll often find malware is in fake security apps.

As always, keep a very close eye on any transactions in your bank account.