The complete source code of Cerberus has been leaked to underground forums and is now available for free to digital criminals. Kaspersky experts have observed a revival of the malicious Android banking software since July 2020, following the abandonment, trial sale and final release of the project by the original developer. Through evolving functionality that includes theft of two-factor authentication (2FA) codes and remote access (RAT) features, the level of “infections” from Cerberus has already increased, especially in Russia and Europe.
Cerberus is an advanced Android banking malware program, which was first observed in the summer of 201
Although the Russian-speaking developers of Cerberus revived it in April last year, source code auctions began in late July due to the dissolution of the development team. For unclear reasons, the creator later decided to publish the project's source code for premium users on a popular Russian-speaking underground forum.
The result has been an immediate increase in mobile application “infections” and in attempts to steal from consumers in Russia and across Europe, as more and more digital criminals acquire the malware for free.
Since its activities were first monitored in July, the complexity of Cerberus has increased to new levels of functionality, in the same way as Anubis – another example of malicious Android banking software, released at the end of 2019 to the detriment of customers and the banks themselves.
Kaspersky is still exploring “v2” after acquiring the published file that contained the source code. An in-depth analysis of the infrastructure has already revealed the ability of the malicious software to secretly send and steal SMS codes, open custom overlays for various online banks and steal 2FA codes, including those from Google Authenticator. Additional features include access to credit card and customer contact information, call forwarding and mobile RAT functionality.
Mr. Dmitry Galov, a security researcher at Kaspersky, commented:
Cerberus is dead … live Cerberus. Kaspersky’s performance on Cerberus v2 is an early warning to anyone involved in Android security, especially Android banking security. We are already seeing an increase in attacks on users since the publication of the source code. This is not the first time we have seen such a thing, but this activity boom since the developers left the project is the biggest development story we have seen in a while.
We continue to investigate all code-related results and will soon publish further in-depth analyses. But in the meantime, the best form of defense that users can adopt consists of security aspects that should already apply to all their mobile devices.
Kaspersky security tips for mobile phone users
- Download and install apps only from official app stores, such as Google Play on Android devices or the App Store on iOS.
- Disable the feature to install applications from unknown sources in the smartphone settings.
- Never “root” devices as this gives digital criminals unlimited opportunities to carry out attacks.
- Install system and application updates immediately to fix security issues. Updates to the mobile operating system should never be received from external sources.
- When it comes to financial or personal matters, always adopt a default stance of caution and skepticism, and stay alert.
- Use a reliable security solution like Kaspersky Security Cloud to protect against a large number of threats.