Cerberus Mobile Banking Trojan Source Code Available for Free After Failing to Sell
The source code of the Cerberus mobile banking Trojan has been released for free after failing to sell when put up for auction on Russian hacking forums.
The (Russian-speaking) group behind Cerberus split in July this year and decided to put the source code for the malware up for sale. It was claimed the malware generated $10,000 in revenue per month and initially a price of $50,000 was set, which included the APK source code, client list, servers, and code for administrator panels.
The group had hoped to make at least $100,000 but, when no bidders came forth, they released the source code under the name Cerberus v2.
The malware, which is designed for Android devices, first appeared in mid-2019 and was claimed to be coded from scratch, without using code from pre-existing banking Trojans.
After infecting a victim's device, a Trojan allows attackers to (remotely) take total control of the device. As well, the Trojan can also employ overlay attacks (on banking, retail, and social networking apps), SMS control - including intercepting one-time passcodes (OTP) and two-factor authentication (2FA) details - and contact list harvesting.
When Cerberus was released in 2019, it was offered as Malware-as-a-Service (MaaS) and ranged in price up to $12,000 per year. By September 2019 Cerberus was infiltrating Spanish and Latin American targets and then attacks stealing 2FA tokens from Google Authenticator and texts were observed in February 2020. In July this year, the malware made its way into the Google Play store as a legitimate currency converter.
Kaspersky researcher Dmitry Galov has said the leaked code should be viewed as an increased threat for smartphone users and the banking sector at large.
Cerberus clients had previously been asked not to attack users of Russian mobile devices. However, after the free release of the source code, there was a sharp rise in infections across Europe ... and Russia.
As well as Russia now being 'fair game', it's safe to assume that not only will there be a rise in the use of Cerberus, but also new variants.
+ + +
Thanks for visiting SecAlerts and reading this story. We offer a free weekly CVE alert service, or an hourly service from $US20/mth, both of which include software updates and news relating to your software stack. Join more than 1,300 other users and sign up.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.