Sunday, January 24, 14:41

Cerberus banking Trojan source code is available for free in hacking forums

The source code of the Cerberus banking Trojan has been released for free on an underground hacking forum after a failed auction. Dmitry Galov, Kaspersky Security researcher, told Reuters yesterday at Kaspersky NEXT 2020 that the source code, leaked under the name Cerberus v2, is a big threat to smartphone users as well as to the banking sector in general.

Cerberus is a mobile banking Trojan created for the Google Android operating system. Offered as Malware-as-a-Service (MaaS), Cerberus appeared in the threat landscape in August 2019. It is an Android RAT developed from scratch and does not borrow code from other malicious programs. It can secretly monitor communications, affect the operation of a device and steal data, including banking credentials, by creating overlays on top of existing banking and social networking applications as well as retail applications.

Cerberus banking Trojan vs smartphone users

Additionally, the malware can read text messages that may contain one-time passwords (OTP) and two-factor authentication (2FA) codes, bypassing standard 2FA account protections. OTPs generated through Google Authenticator can also be stolen.

According to the ThreatFabric researchers who first analyzed the malicious code, the Cerberus banking Trojan has characteristics similar to other Android RATs, allowing its operators to have complete control over infected devices.

In early July, Avast researchers discovered the Cerberus banking Trojan on Google Play, where it was disguised as a legitimate currency converter. It is believed that when the application was submitted to Google for approval, its functions were "innocent" and legitimate, but once a large user base had been built, an update package deployed the Trojan on victims' devices.
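The update scenario described above suggests a simple review check: compare the permissions an app requests before and after an update. The following is an added example, not code from Avast, Kaspersky or the article; the package name, the two manifests and the mapping of permissions to the capabilities named in this article are constructed assumptions, and the manifests are assumed to be already decoded to text XML.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption of this example: permissions that correspond to the
# capabilities the article describes (SMS reading, overlays, staged install).
WATCHED = {
    "android.permission.READ_SMS": "read stored text messages (OTP/2FA codes)",
    "android.permission.RECEIVE_SMS": "receive incoming text messages",
    "android.permission.SYSTEM_ALERT_WINDOW": "draw over other apps (overlays)",
    "android.permission.REQUEST_INSTALL_PACKAGES": "install further packages",
}

def requested_permissions(manifest_xml):
    """Return the set of permission names a decoded manifest requests."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms

def risky_additions(old_manifest, new_manifest):
    """Watched permissions present in the update but not in the old version."""
    added = requested_permissions(new_manifest) - requested_permissions(old_manifest)
    return {perm: WATCHED[perm] for perm in sorted(added) if perm in WATCHED}

# Constructed sample input: a converter app as first published, then updated.
MANIFEST_V1 = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.converter" android:versionCode="1">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

MANIFEST_V2 = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.converter" android:versionCode="2">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
</manifest>"""

if __name__ == "__main__":
    for perm, reason in risky_additions(MANIFEST_V1, MANIFEST_V2).items():
        print(f"update adds {perm}: {reason}")
```

A clean diff does not clear an update: code delivered as a separate package would not appear in the original app's manifest, which is why the install permission is on the watch list.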


Later that month, Hudson Rock saw the Cerberus banking Trojan go up for auction. An ad posted by the malware maintainer revealed that the development team had disbanded and that a new owner was being sought.

The operator set the starting price at $50,000, with the aim of reaching up to $100,000 for the .APK source code, client list, servers and malware admin panel code. The auctioneer claimed that the Cerberus banking Trojan brought in $10,000 a month in revenue.


Kaspersky said that although the Russian-speaking developers of the Cerberus banking Trojan had a new vision for the project in April this year, the source code went up for auction in late July because the team that developed it had dissolved. He added that the author later decided to publish the project's source code for premium users on a popular Russian-speaking underground hacking forum. Kaspersky also noted that since the release of Cerberus's source code on the underground hacking forum, there has been a rapid increase in mobile application infections across Europe and Russia. According to Galov, it is particularly interesting that previous customers were not encouraged to "hit" Russian mobile users, but when the code was released, the attack landscape changed.

When Cerberus was offered as Malware-as-a-Service, the threat was limited to groups of attackers who could pay for the code, subscribing from $4,000 a month to $12,000 a year. Now that the developer has released the source code for free, we may see not only growing adoption of Cerberus but also new variations, possibly based on the code leaked to the hacking forum.

Galov stressed that the cyber security company continues to research all the data found in relation to the code and to monitor the relevant activity. He added that the best defense users can adopt consists of the security measures that should already be applied to all their mobile phones and devices, as well as to their banking security.

