Cerberus Mobile Banking Trojan Source Code Available for Free After Failing to Sell

Giulio Saggin
Tuesday 28 November 2023

The source code of the Cerberus mobile banking Trojan has been released for free after failing to sell when put up for auction on Russian hacking forums.

The (Russian-speaking) group behind Cerberus split in July this year and decided to put the source code for the malware up for sale. It was claimed the malware generated $10,000 in revenue per month and initially a price of $50,000 was set, which included the APK source code, client list, servers, and code for administrator panels.

The group had hoped to make at least $100,000 but, when no bidders came forth, they released the source code under the name Cerberus v2.

The malware, which is designed for Android devices, first appeared in mid-2019 and was claimed to be coded from scratch, without using code from pre-existing banking Trojans.

After infecting a victim's device, the Trojan allows attackers to take total control of the device remotely. It can also employ overlay attacks (on banking, retail, and social networking apps), SMS control, including intercepting one-time passcodes (OTP) and two-factor authentication (2FA) details, and contact list harvesting.

When Cerberus was released in 2019, it was offered as Malware-as-a-Service (MaaS) at prices ranging up to $12,000 per year. By September 2019 Cerberus was infiltrating Spanish and Latin American targets, and in February 2020 attacks stealing 2FA tokens from Google Authenticator and texts were observed. In July this year, the malware made its way into the Google Play store posing as a legitimate currency converter.

Kaspersky researcher Dmitry Galov has said the leaked code should be viewed as an increased threat for smartphone users and the banking sector at large.

Cerberus clients had previously been asked not to attack users of Russian mobile devices. However, after the free release of the source code, there was a sharp rise in infections across Europe ... and Russia.

As well as Russia now being 'fair game', it's safe to assume that not only will there be a rise in the use of Cerberus, but also new variants.
