MDM is a service that allows remote management of mobile devices and is used by many companies around the world. The company affected by the hack used its MDM command server to simplify tasks such as arranging device settings throughout the company, rejecting applications, and more.
In this case, however, hackers managed to compromise 75% of the company's devices through the MDM. The malicious software they installed on the devices is a variant of Cerberus and can collect huge amounts of sensitive data from their users. This data is then sent to a C&C server controlled by the hackers.
Cerberus is a banking trojan first discovered in June 2019. Through a Malware-as-a-Service (MaaS) model, it allows those using its services to reduce their payload. Worst of all, when it does attack, an intruder can take full control of the device.
Restore factory settings to all devices
As soon as the malicious agents gained access to the company's MDM server, they took advantage of application and after that they managed to compromise almost 75% of the company's Android devices.
Security investigators noticed that two applications had been installed on a large number of the company's devices. This aroused their curiosity, and they discovered the breach on the MDM server.
In addition, security researchers at Check Point have concluded that, in order to get rid of this malware and the intruder's ability to control infected Android devices, companies will need to reset to factory settings all Android devices registered to the breached MDM server.