Cerberus banking Trojan source code has been released for free malware in an underground hacking forum after a failed auction. Dmitry Galov, Kaspersky Security researcher, told Reuters yesterday Kaspersky NEXT 2020 that the source code leaked with the name Cerberus v2, is a big threat to users smartphone, as well as for the banking sector in general.
Cerberus is one mobile banking Trojan created for the Google Android operating system. Malware-as-a-Service (MaaS) Cerberus, which appeared in the threat landscape in August 2019, is an Android RAT developed from scratch and does not borrow code other malicious programs. It can secretly monitor communications, affect the operation of a device and steal data, including banking credentials, creating overlaps in existing banking, social networking applications as well as in retail applications.
Additionally, malware can read text messages that may contain one-time (OTP) and two-factor authentication (2FA) passwords, bypassing standard 2FA account protections. OTPs generated through Google Authenticator can also be stolen.
According to Threat Fabric researchers who first analyzed the malicious code, the Cerberus banking Trojan has characteristics similar to other Android RATs, allowing its operators to have complete control over infected devices.
In early July, Avast researchers discovered the Cerberus banking Trojan on Google Play, where it came in the form of a legal currency converter. It is believed that when the application was submitted to Google for approval, its functions were "innocent" and legal - but once a large user base was created, an update package deployed the Trojan on victims' devices.
Later that month, the Hudson Rock saw the Cerberus banking Trojan go up for auction. An ad posted by the malware maintainer revealed that the development team had disbanded, and a new owner was being sought.
The operator set the starting price at $ 50.000 - with the aim of reaching up to $ 100.000 for the .APK source code, client list, servers and malware admin panel code. The auctioneer claimed that the Cerberus banking Trojan brought in $ 10.000 a month in revenue.
Kaspersky said that despite the fact that Russian-speaking developers of the Cerberus banking Trojan had a new vision for the project in April this year, auctions for the source code began in late July due to the dissolution of the team that developed it. He added that the author later decided to publish the source code of the project for premium users in a popular Russian-speaking underground hacking forum. Kaspersky also noted that since the release of Cerberus's source code in the underground hacking forum, there has been a rapid and rapid increase in mobile application infections across the Europe and Russia. According to Galov, it is particularly interesting that previous customers were not encouraged to "hit" Russian mobile users, but at the time the code was released, its landscape attack changed.
When Cerberus was offered as Malware-as-a-Service, the threat was limited to groups of attackers who could pay for the code, subscribing from $ 4.000 a month to $ 12.000 a year. Now that the developer has released the source code for free, you may not only see the growing adoption of Cerberus, but also new variations, possibly based on the code leaked to the hacking forum.
Galov stressed that the company cyber security continues to research all the data found in relation to the code and to monitor the relevant activity. He added that the best defense that users can adopt includes security aspects that should already be applied to all their mobile phones. Appliances, as well as in their bank security.