Android users are once again threatened by Cerberus, a banking malware capable of emptying its victims' bank accounts. The source code of Cerberus has been published on the web and is freely available. Computer security researchers fear an increase in attacks using this malware.
The Cerberus malware appeared in a Spanish currency conversion application in July 2020. However, this Monday, September 21, 2020, we learned that the source code of the malware had been circulated on underground forums. Kaspersky's computer security researchers have been following the malware closely since its first appearance in July 2020.
Cerberus malware freely available on the Net
In the meantime, the malware's developers tried to sell it to the highest-bidding groups of cybercriminals, before changing their minds. For some as yet unknown reason, the operators of Cerberus decided to post the source code of the malware on underground forums, making it accessible to everyone.
Unsurprisingly, the number of Android apps infected with Cerberus has skyrocketed in recent weeks, as have attempts to steal money from Russian and European users. “We are already seeing an increase in attacks against users since the source code was released. It's not the first time we've seen something like this happen, but this boom in activity since the developers abandoned the project is unprecedented,” says Dmitry Galov, security researcher for Kaspersky.
Previously, Cerberus was offered on underground forums as malware-as-a-service (MaaS). That is, customers had to pay to be able to use the malware, much like a license or a subscription. Now it is accessible without restriction.
Cerberus V2, even stronger
To make matters worse, Cerberus seems to have evolved considerably since its first appearance. The published source code is that of Cerberus V2, a second version of the malware capable of sending and stealing 2FA codes contained in SMS. It can also display overlays on top of banking or financial apps installed on the device. Hidden in the background, the Trojan waits for a user to launch one of these applications and enter their login credentials.
Kaspersky researchers are closely monitoring the evolution of Cerberus. At the same time, they advise Android users to download applications only from reputable and official stores such as the Google Play Store or the AppGallery, to install system updates quickly and to install antivirus software.