Cerberus is a trojan horse targeting Android mobile phone banking credentials.
History
editIt was initially spotted in June 2019.[1] It was spotted targeting Spanish and Latin American targets in September 2019.[2] Its attacks are capable of stealing Google Authenticator and SMS 2FA tokens, behavior that was spotted in February 2020.[1] In April 2020, variants has been spotted posing as COVID-19-related apps.[3]
Research indicates that Cerberus has developed overlay attacks for over 30 unique targets, making it a versatile threat in the mobile banking landscape.[4]
Cerberus is capable of logging all keystrokes (including passwords) and stealing 2FA tokens from Google Authenticator and SMS messages. It also allows remote control over the device using TeamViewer.[5] It is sold as Malware as a service on underground forums.[6]
References
edit- ^ a b Cimpanu, Catalin (2020-02-27). "Android malware can steal Google Authenticator 2FA codes". ZDNet. Retrieved 2020-04-28.
- ^ "Cerberus Android Malware Gains Ability to Steal 2FA Tokens, Screen Lock Credentials". Security Intelligence. 2020-03-02. Retrieved 2020-04-28.
- ^ "Coronavirus stimulus scams are here. How to identify these new online and text attacks". CNET. Retrieved 28 April 2020.
- ^ "Defend Against Cerberus Trojan Threats". Zimperium. Retrieved 2024-08-07.
- ^ Doffman, Zak (2020-04-09). "New Android Coronavirus Malware Threat Exposed: Here's What You Must Not Do". Forbes. Retrieved 2020-04-28.
- ^ "Malicious coronavirus-themed apps target Android devices". TechRepublic. 2020-03-18. Retrieved 2020-04-28.