Authors of the new Android Trojan advertise their product and make fun of anti-virus vendors on Twitter
Security experts analyzed a new interesting banking Trojan for the Android mobile operating system.
The malware got the name Cerberus, and its author rents out its development (malware-as-a-service scheme).Cerberus is a Remote Access Trojan (RAT) designed from the ground up — without partial or full use of the code of another malicious program.
The malware came under the “microscope” of researchers from the company Threat Fabric.
“In June, our analysts found a new malware for Android, it was named “Cerberus“. The authors of the trojan claim that they managed to avoid detection for two years with antivirus products. There is also information that the malware was written from scratch”, – the Threat Fabric report said.
As the experts found out during the analysis, Cerberus allows its operators to get full control over the attacked device.
The new malware has all the features of a banking trojan: overlaying its windows on top of other applications, intercepting SMS messages and accessing the victim’s contact list.
Read also: Google Play clicker Trojan installed over 100 million times
In addition, Cerberus can take screenshots, record audio, record keystrokes and more.
The author of this malware is quite active on Twitter. There he laughs at the developers of anti-virus solutions – he managed to bypass detection for two years.
“One peculiar thing about the actor group behind this banking malware is that they have an “official” Twitter account that they use to post promotional content (even videos) about the malware. Oddly enough they also use it to make fun of the AV community, sharing detection screenshots from VirusTotal (thus leaking IoC) and even engaging in discussions with malware researchers directly”, — report Threat Fabric specialists.
This unusual behavior explains need for attention and, probably, lack of experience.
However, Threat Fabric claims that Cerberus should not be taken lightly.