News

Authors of the new Android Trojan advertise their product and make fun of anti-virus vendors on Twitter

Security experts analyzed a new interesting banking Trojan for the Android mobile operating system.

The malware got the name Cerberus, and its author rents out its development (malware-as-a-service scheme).

Cerberus is a Remote Access Trojan (RAT) designed from the ground up — without partial or full use of the code of another malicious program.

The malware came under the “microscope” of researchers from the company Threat Fabric.

“In June, our analysts found a new malware for Android, it was named “Cerberus“. The authors of the trojan claim that they managed to avoid detection for two years with antivirus products. There is also information that the malware was written from scratch”, – the Threat Fabric report said.

As the experts found out during the analysis, Cerberus allows its operators to get full control over the attacked device.

The new malware has all the features of a banking trojan: overlaying its windows on top of other applications, intercepting SMS messages and accessing the victim’s contact list.

Read also: Google Play clicker Trojan installed over 100 million times

In addition, Cerberus can take screenshots, record audio, record keystrokes and more.

The author of this malware is quite active on Twitter. There he laughs at the developers of anti-virus solutions – he managed to bypass detection for two years.

Cerberus

“One peculiar thing about the actor group behind this banking malware is that they have an “official” Twitter account that they use to post promotional content (even videos) about the malware. Oddly enough they also use it to make fun of the AV community, sharing detection screenshots from VirusTotal (thus leaking IoC) and even engaging in discussions with malware researchers directly”, — report Threat Fabric specialists.

This unusual behavior explains need for attention and, probably, lack of experience.

However, Threat Fabric claims that Cerberus should not be taken lightly.

In addition to the feature base it already possesses and the money that can be made from the rental, it could evolve to compete with the mightiest Android banking Trojans. Specialists expect the target list to be expanded to contain additional (banking) apps in the nearest future.
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Recent Posts

Remove News-bpudepi.today pop-up ads (Virus Removal Guide)

News-bpudepi.today is a domain that tries to trick you into subscribing to its browser notifications…

23 hours ago

Remove Doguhtam.xyz pop-up ads (Virus Removal Guide)

Doguhtam.xyz is a site that tries to trick you into subscribing to its browser notifications…

23 hours ago

Remove News-xlixoti pop-up ads (Virus Removal Guide)

News-xlixoti.com is a site that tries to force you into subscribing to its browser notifications…

23 hours ago

Remove Ducesousightion pop-up ads (Virus Removal Guide)

Ducesousightion.com is a domain that tries to trick you into clik to its browser notifications…

23 hours ago

Remove News-xlabica.live pop-up ads (Virus Removal Guide)

News-xlabica.live is a domain that tries to trick you into clik to its browser notifications…

23 hours ago

Remove Mergechain.co.in pop-up ads (Virus Removal Guide)

Mergechain.co.in is a site that tries to trick you into subscribing to its browser notifications…

23 hours ago