Cerberus Android Trojan Is The Newest Mobile Malware For Rent


The Cerberus Android Trojan is a new malware made for the popular mobile operating system. It is a complex threat that is being offered for rent to prospective hackers via a model similar to RaaS. Once deployed, it can take total control of vulnerable end devices and carry out a multitude of malicious actions.

The Cerberus Android Trojan Is A Devastating Weapon For Rent

A computer hacker has devised a new malware for the Android operating system known as the Cerberus Android Trojan. It is made by an experienced author who has followed the example of other well-known threats. According to the released advert, it is built from scratch and doesn’t appear to contain code snippets from existing malware. This means that it can be very difficult for current security mechanisms to detect. The hacker claims that Cerberus was used in private campaigns for at least two years before it was made available to the public. The price for access is 2000 for 1 month, $7000 for 6 months and $12,0000 for a year. What’s particularly interesting is that it is promoted on public social networks with “official” profiles and even promotions.

Captured samples were analyzed in a secure environment, and it appears that the hacker is using a multitude of techniques to facilitate user surveillance. An example is tracking the movement of the victims by measuring the readouts of the built-in accelerometer sensor. When the Cerberus Android Trojan is deployed onto a given host (regardless of the distribution technique used) it will hide its icon from the applications drawer. It will then show a prompt asking the victims for privileges by posing as an Accessibility service; the window will also read “Enable Flash Player Service”. If the victim accepts, the Trojan is granted those privileges. One of the first actions run afterwards is blocking the Google Play Protect service and installing itself as a persistent threat.
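The combination described above (a user-installed app that holds an enabled Accessibility service but has no launcher icon) can be checked during device triage. The following is an added example, not code from the original article or from the analysis it reports; the package names and sample outputs are constructed, and the set of launchable packages is assumed to be collected separately by the analyst.

```python
# Constructed sample output of: adb shell settings get secure enabled_accessibility_services
SAMPLE_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
               "com.example.flashplayer/com.example.flashplayer.FlashService:"
               "com.example.passmgr/.AutofillA11yService")
# Constructed sample output of: adb shell pm list packages -3  (user-installed apps)
SAMPLE_THIRD_PARTY = ("package:com.example.flashplayer\n"
                      "package:com.example.passmgr\n"
                      "package:com.example.notes\n")
# Constructed: packages known to expose a launcher icon (assumed analyst input)
SAMPLE_LAUNCHABLE = {"com.example.passmgr", "com.example.notes"}

def parse_a11y_services(raw):
    """Return {package: [full service class, ...]} from the colon-separated setting."""
    services = {}
    for comp in raw.strip().split(":"):
        if "/" not in comp:          # empty value or the literal "null"
            continue
        pkg, cls = comp.split("/", 1)
        if cls.startswith("."):      # shorthand: class name relative to the package
            cls = pkg + cls
        services.setdefault(pkg, []).append(cls)
    return services

def parse_package_list(raw):
    """Return the set of package names from `pm list packages` style output."""
    return {line.split(":", 1)[1].strip()
            for line in raw.splitlines() if line.startswith("package:")}

def triage(a11y_raw, third_party_raw, launchable):
    """Flag user-installed apps with an enabled Accessibility service.

    severity "high":   service enabled AND no launcher icon (hidden app)
    severity "review": service enabled, app is visible; confirm it is expected
    """
    third_party = parse_package_list(third_party_raw)
    findings = []
    for pkg, classes in sorted(parse_a11y_services(a11y_raw).items()):
        if pkg not in third_party:
            continue                 # preinstalled service, outside this check
        severity = "review" if pkg in launchable else "high"
        findings.append({"package": pkg, "services": classes, "severity": severity})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_A11Y, SAMPLE_THIRD_PARTY, SAMPLE_LAUNCHABLE):
        print(finding["severity"], finding["package"], finding["services"])
```

A "high" result only says the app is hidden and holds Accessibility privileges; confirm against the device owner's expected apps before acting on it.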


Just like other Android Trojans, Cerberus can be used as a very effective tool for surveillance, data theft and banking Trojan activity. The full list of available features in its current iteration is the following:

  • Dynamic Overlaying Over Applications
  • Keylogger Installation
  • SMS Harvesting
  • Device Data Collection
  • Contact List Data Collection
  • Listing of Installed Applications
  • Location Data Acquisition
  • Calls Manipulation
  • Remote Execution and Interaction With Applications
  • Web Pages Display
  • Lock Screen
  • Third-Party Modules Deployment
  • Protective Mechanisms Auto-Launch

At the moment the Cerberus Android Trojan can interact with only a small number of applications. A list of them is the following:

Play Market, Boursorama Banque, Bank, Chase Mobile, Fifth Third Mobile Banking, Connect for Hotmail, Gmail, imo free video calls and chat, Bank of America Mobile Banking, ING, Instagram, Capital One Mobile, mail.com mail, Microsoft Outlook, Snap Chat, WeChat, Twitter, Uber, USAA Mobile, US. Bank – Inspired by customers, Viber, Wells Fargo Mobile, WhatsApp, Yahoo Mail – Organized Email, Banque Populaire, Ma Banque, 楽天銀行 -個人のお客様向けアプリ, L’Appli Société Générale, Mes Comptes BNP Paribas and Telegram

At the moment there are no large-scale attack campaigns carrying the threat; however, we anticipate that in the future it can be used by prospective hackers.


Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cybersecurity enthusiast, he enjoys writing about the latest threats and intrusion mechanisms.
