There's a new version of the "Cerberus" Trojan horse for Andoid phone which is now able to steal your one-time codes form Google Auth. App. Stay alert.
Quote
Security researchers say that an Android malware strain can now extract and steal one-time passcodes (OTP) generated through Google Authenticator, a mobile app that's used as a two-factor authentication (2FA) layer for many online accounts.