Cerberus Malware Ineffective. Author Selling the Source Code and Ops in the Darkweb Market.

August 5, 2020 · 1 min read

This banking malware came to attention in 2019 and is capable of targeting over 30 targets, as listed below:

  • 7 U.S. banking apps
  • 1 Japanese banking app
  • 15 non-banking apps
  • 7 French banking apps

The Android malware was capable of stealing credentials and CC details as well. Some of its capabilities include:

  • Architecture: Modular
  • Overlaying: Dynamic (Local injects obtained from C2)
  • Keylogging
  • SMS harvesting: SMS listing
  • SMS harvesting: SMS forwarding
  • Device info collection
  • Contact list collection
  • Application listing
  • Location collection
  • Overlaying: Targets list update
  • SMS: Sending
  • Calls: USSD request making
  • Calls: Call forwarding
  • Remote actions: App installing
  • Remote actions: App starting
  • Remote actions: App removal
  • Remote actions: Showing arbitrary web pages
  • Remote actions: Screen-locking
  • Notifications: Push notifications
  • C2 Resilience: Auxiliary C2 list
  • Self-protection: Hiding the App icon
  • Self-protection: Preventing removal
  • Self-protection: Emulation-detection

On July 7, there were reports that the malware had infiltrated the Google Play Store.

The group is now selling the entire project on one of the dark web markets.

But it won’t be easy, as Google Play Protect has introduced additional security features, which have made this malware / project ineffective.

This means if a victim has the bot installed, Google will remove it for them.

The future of this banking malware project is dim, and it’s unlikely it would come back in its current shape.

That said, this is good news for the consumer community, and kudos to the Google Play Security team for their recent efforts in making the ecosystem more secure.
