The full source code of “Cerberus” has been leaked to underground forums and is now available free of charge to digital criminals.
Kaspersky experts have been actively monitoring the revival of the “Android banking” malware since July 2020, following the abandonment, the sale attempt and the final release of the project by the original developer.
Through evolving functionality that includes theft of two-factor authentication (2FA) codes and remote access trojan (RAT) functions, the level of “infections” from “Cerberus” has already increased, especially in Russia and Europe.
“Cerberus” is a sophisticated “Android banking” malware, first observed in the summer of 2019 and actively distributed on a MaaS (Malware-as-a-Service) basis in various underground forums. The recent leak of its source code, referred to as “Cerberus v2”, opens up new, public opportunities for digital criminals who want to target the banking sector via Android devices.
Although the Russian-speaking developers of “Cerberus” revived the project last April, auctions for the source code began in late July after the development team dissolved. For reasons that remain unclear, the creator later decided to publish the project’s source code for premium users on a popular Russian-speaking underground forum.
The result was an immediate increase in “infections” from mobile apps and attempts to steal money from consumers in Russia and across Europe, as more and more digital criminals acquire the malware for free.
Since Kaspersky first began tracking its activity in July, the complexity of “Cerberus” has increased to new levels of functionality, following the same path as “Anubis”, another “Android banking” malware whose release in late 2019 came at the expense of customers and banks alike.
Kaspersky is investigating “v2” further, having acquired the published file that included the source code. In-depth analysis of the infrastructure has already revealed the malware’s ability to secretly send and steal SMS messages, open custom overlays for various online banks and steal 2FA codes, including codes generated by “Google Authenticator”.
Additional features include access to credit card and customer contact information, call forwarding, and control of the device through its RAT features.
Kaspersky security tips for mobile banking users
- Download and install apps only from official app stores, such as “Google Play” on Android devices or the “App Store” on iOS.
- Turn off the feature to install programs from unknown sources in your smartphone settings.
- Never “root” devices as this gives digital criminals unlimited possibilities to carry out attacks.
- Install system and application updates immediately to fix security gaps. Updates to the mobile operating system should never be received from external sources.
- When it comes to financial or personal information, treat any request with caution and skepticism by default, and stay alert.
- Use a reliable security solution.