The Cerberus Android Trojan is a new piece of malware made for the popular mobile operating system. It is a complex threat that is offered for rent to prospective hackers via a model similar to RaaS. Once deployed, it can take total control of vulnerable end devices and carry out a multitude of malicious actions.
The Cerberus Android Trojan Is A Devastating Weapon For Rent
A computer hacker has devised a new piece of malware for the Android operating system known as the Cerberus Android Trojan. It is made by an experienced author who has followed the example of other well-known threats. According to the released advert, it is built from scratch and doesn’t appear to contain code snippets from existing malware. This means that it can be very difficult for current security mechanisms to detect. The hacker claims that Cerberus was used in private campaigns for at least two years before it was made available to the public. The price for access is 2000 for 1 month, $7000 for 6 months and $12,0000 for a year. What’s particularly interesting is that it is promoted on public social networks with “official” profiles and even promotions.
Captured samples were analyzed in a secure environment, and it appears that the hacker is using a multitude of techniques to facilitate user surveillance. An example is tracking the movement of the victims by measuring the readouts of the built-in accelerometer sensor. When the Cerberus Android Trojan is deployed onto a given host (regardless of the distribution technique used), it hides its icon from the application drawer. It then displays a prompt asking the victim for privileges by posing as an Accessibility service; the window reads “Enable Flash Player Service”. If the victim accepts, the Trojan receives those privileges. One of the first actions it runs afterwards is to block the Google Play Protect service and install itself as a persistent threat.
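The behaviour described above leaves a recognizable combination on a device: an app that holds an enabled accessibility service, has no icon in the application drawer and carries a Flash Player label. The following triage sketch is an added example, not code from the analysis or from any security product. It assumes the value of the Android secure setting `enabled_accessibility_services` and an app inventory have already been collected (for instance by an MDM agent); the `App` fields, package names and sample data are constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass
class App:                 # hypothetical inventory record
    package: str
    label: str             # user-visible app name
    has_launcher: bool     # True if the app shows an icon in the app drawer
    system: bool           # True for preinstalled/system apps

LURE_WORDS = ("flash player",)   # lure text reported in the article

def parse_accessibility(setting: str) -> set[str]:
    """Packages named in the colon-separated 'package/service' list that
    Android keeps in the secure setting enabled_accessibility_services."""
    pkgs = set()
    for comp in setting.strip().split(":"):
        if "/" in comp:            # skips '', 'null' and malformed entries
            pkgs.add(comp.split("/", 1)[0])
    return pkgs

def triage(setting: str, apps: list[App]) -> dict[str, list[str]]:
    """Return {package: [reasons]} for non-system apps that hold an
    accessibility service and match at least one further indicator."""
    enabled = parse_accessibility(setting)
    findings: dict[str, list[str]] = {}
    for app in apps:
        if app.system or app.package not in enabled:
            continue
        reasons = ["accessibility service enabled"]
        if not app.has_launcher:
            reasons.append("no launcher icon")
        if any(w in app.label.lower() for w in LURE_WORDS):
            reasons.append("label imitates Flash Player")
        if len(reasons) > 1:       # accessibility alone is not suspicious
            findings[app.package] = reasons
    return findings

# Constructed sample data; the package names are made up.
SAMPLE_SETTING = "com.example.reader/.TalkService:com.example.fp.update/com.example.fp.Svc"
SAMPLE_APPS = [
    App("com.example.reader", "Screen Reader", True, False),
    App("com.example.fp.update", "Flash Player Service", False, False),
    App("com.example.notes", "Notes", True, False),
]

if __name__ == "__main__":
    for pkg, why in triage(SAMPLE_SETTING, SAMPLE_APPS).items():
        print(pkg, "->", "; ".join(why))
```

A legitimate accessibility tool with a visible icon, such as the screen reader in the sample, is not flagged; a hit is a reason to inspect the app, not proof of infection.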
Just like other Android Trojans, Cerberus can be used as a very effective tool for surveillance, data theft and banking Trojan activity. The full list of features available in its current iteration is the following:
- Dynamic Overlaying Over Applications
- Keylogger Installation
- SMS Harvesting
- Device Data Collection
- Contact List Data Collection
- Listing of Installed Applications
- Location Data Acquisition
- Calls Manipulation
- Remote Execution and Interaction With Applications
- Web Pages Display
- Third-Party Modules Deployment
- Protective Mechanisms Auto-Launch
At the moment the Cerberus Android Trojan can interact with only a small number of applications. They are the following:
Play Market, Boursorama Banque, Banque, Chase Mobile, Fifth Third Mobile Banking, Connect for Hotmail, Gmail, imo free video calls and chat, Bank of America Mobile Banking, ING, Instagram, Capital One Mobile, mail.com mail, Microsoft Outlook, Snapchat, WeChat, Twitter, Uber, USAA Mobile, U.S. Bank – Inspired by customers, Viber, Wells Fargo Mobile, WhatsApp, Yahoo Mail – Organized Email, Banque Populaire, Ma Banque, 楽天銀行 -個人のお客様向けアプリ, L’Appli Société Générale, Mes Comptes BNP Paribas and Telegram
At the moment there are no large-scale attack campaigns carrying the threat; however, we anticipate that in the future it can be used by prospective hackers.