Google has only partially mitigated the attack, which involves using a malicious Android app to secretly discern the two-factor codes generated by authenticator apps.