Wednesday, October 21, 12:09

Cerberus banking Trojan source code is available for free in hacking forums

The source code of the Cerberus banking Trojan has been released for free in an underground hacking forum after a failed auction. Dmitry Galov, Kaspersky Security researcher, told Reuters yesterday at Kaspersky NEXT 2020 that the source code, leaked under the name Cerberus v2, is a big threat to smartphone users as well as to the banking sector in general.

Cerberus is a mobile banking Trojan created for Google's Android operating system. Offered as Malware-as-a-Service (MaaS), Cerberus appeared in the threat landscape in August 2019. It is an Android RAT developed from scratch that does not borrow code from other malicious programs. It can secretly monitor communications, affect the operation of a device and steal data, including banking credentials, by creating overlays on top of existing banking, social networking and retail applications.

Cerberus banking Trojan vs smartphone users

Additionally, the malware can read text messages that may contain one-time passwords (OTP) and two-factor authentication (2FA) codes, bypassing standard 2FA account protections. OTPs generated through Google Authenticator can also be stolen.

According to the ThreatFabric researchers who first analyzed the malicious code, the Cerberus banking Trojan has characteristics similar to other Android RATs, allowing its operators to have complete control over infected devices.

In early July, Avast researchers discovered the Cerberus banking Trojan on Google Play, where it was disguised as a legitimate currency converter. It is believed that when the application was submitted to Google for approval, its functions were "innocent" and legitimate - but once a large user base had been built, an update package deployed the Trojan on victims' devices.
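One check a defender can run against this "benign first, malicious after an update" pattern is to diff the permissions requested by two versions of the same app. The sketch below is an added example, not code from the article or from any vendor named in it; it assumes the manifests have already been decoded to text XML, and the sample manifests, the package name and the mapping of permissions to the capabilities described above are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from Android permissions to the capabilities the article
# describes (SMS/OTP theft, overlays, payload delivered by a later update).
WATCHED = {
    "android.permission.READ_SMS": "read stored SMS (OTP/2FA codes)",
    "android.permission.RECEIVE_SMS": "intercept incoming SMS",
    "android.permission.SYSTEM_ALERT_WINDOW": "draw over other apps",
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility service",
    "android.permission.REQUEST_INSTALL_PACKAGES": "install further packages",
}

# Constructed sample input: version 1 of a hypothetical converter app ...
OLD_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.converter">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

# ... and a later update of the same app (also constructed).
NEW_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.converter">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application>
    <service android:name=".Helper"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

def requested(manifest_xml):
    """Permissions an app requests, plus permissions its services bind to."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(NS + "name") for e in root.iter("uses-permission")}
    perms |= {e.get(NS + "permission") for e in root.iter("service")}
    perms.discard(None)  # elements without the attribute
    return perms

def risky_additions(old_xml, new_xml):
    """Watched permissions that appear in the update but not in the old version."""
    added = requested(new_xml) - requested(old_xml)
    return {p: WATCHED[p] for p in sorted(added) if p in WATCHED}

if __name__ == "__main__":
    for perm, why in risky_additions(OLD_MANIFEST, NEW_MANIFEST).items():
        print(f"NEW in update: {perm} ({why})")
```

A clean result does not clear an app, since a payload fetched at runtime never appears in the store manifest; the diff only flags updates that deserve a closer look.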


Later that month, Hudson Rock saw the Cerberus banking Trojan go up for auction. An ad posted by the malware's maintainer revealed that the development team had disbanded and that a new owner was being sought.

The operator set the starting price at $50,000, with the goal of reaching up to $100,000, for the APK source code, client list, servers and malware admin panel code. The auctioneer claimed that the Cerberus banking Trojan brought in $10,000 a month in revenue.


Kaspersky said that although the Russian-speaking developers of the Cerberus banking Trojan had a new vision for the project in April this year, auctions for the source code began in late July due to the dissolution of the team that developed it. He added that the author later decided to publish the source code of the project for premium users in a popular Russian-speaking underground hacking forum. Kaspersky also noted that since the release of Cerberus's source code in the underground hacking forum, there has been a rapid increase in mobile application infections across Europe and Russia. According to Galov, it is particularly interesting that previous customers were not encouraged to "hit" Russian mobile users, but once the code was released, the attack landscape changed.

When Cerberus was offered as Malware-as-a-Service, the threat was limited to groups of attackers who could pay for the code, with subscriptions ranging from $4,000 a month to $12,000 a year. Now that the developer has released the source code for free, we may see not only growing adoption of Cerberus, but also new variants, possibly based on the code leaked to the hacking forum.

Galov stressed that the cybersecurity company continues to research all the data found in relation to the code and to monitor the relevant activity. He added that the best defense users can adopt consists of the security practices that should already be applied to all their mobile devices, as well as to their banking security.

