Android banking trojan Cerberus is effective at resisting one-time passcodes (OTP) made from the Google Authenticator along with other similar programs.
It notes that rogue programs take advantage of Android access to pull on screenshots.
Programs and platform providers that are specific may capture screens from Running apps with the support of this Media Projection API.
The bug is still present From the edition of the Authenticator program.