Cerberus is a trojan horse targeting Android mobile phone banking credentials.

History

edit

It was initially spotted in June 2019.[1] It was spotted targeting Spanish and Latin American targets in September 2019.[2] Its attacks are capable of stealing Google Authenticator and SMS 2FA tokens, behavior that was spotted in February 2020.[1] In April 2020, variants has been spotted posing as COVID-19-related apps.[3]

Research indicates that Cerberus has developed overlay attacks for over 30 unique targets, making it a versatile threat in the mobile banking landscape.[4]

Cerberus is capable of logging all keystrokes (including passwords) and stealing 2FA tokens from Google Authenticator and SMS messages. It also allows remote control over the device using TeamViewer.[5] It is sold as Malware as a service on underground forums.[6]

References

edit
  1. ^ a b Cimpanu, Catalin (2020-02-27). "Android malware can steal Google Authenticator 2FA codes". ZDNet. Retrieved 2020-04-28.
  2. ^ "Cerberus Android Malware Gains Ability to Steal 2FA Tokens, Screen Lock Credentials". Security Intelligence. 2020-03-02. Retrieved 2020-04-28.
  3. ^ "Coronavirus stimulus scams are here. How to identify these new online and text attacks". CNET. Retrieved 28 April 2020.
  4. ^ "Defend Against Cerberus Trojan Threats". Zimperium. Retrieved 2024-08-07.
  5. ^ Doffman, Zak (2020-04-09). "New Android Coronavirus Malware Threat Exposed: Here's What You Must Not Do". Forbes. Retrieved 2020-04-28.
  6. ^ "Malicious coronavirus-themed apps target Android devices". TechRepublic. 2020-03-18. Retrieved 2020-04-28.