Mobile Banking Trojan Available To All On Dark Web And It's Free!
By: Jim Stickley and Tina Davis
January 8, 2021
Although it’s available for free on the dark web, victims of the Cerberus banking trojan will tell you it can be very costly. Security analysts at Kaspersky found the cybercriminals behind Cerberus originally intended to sell the code to criminal syndicates. But for reasons unknown, the hacking group eventually posted the blueprint for Cerberus online for free, making it easily available to anyone who wanted it. Kaspersky finds that cybercriminals taking advantage of the free Android malware are currently deploying it to financially defraud users across Europe. And as we’ve seen before with many other malware attacks around the world, it’s just a matter of time before the Cerberus banking trojan starts showing up in the U.S.
Identified in mid-2019, the Cerberus banking trojan was originally available on underground hacker forums as malware-as-a-service (MaaS). Under that model, cybercriminals wanting to use the malware for attacks pay a subscription fee, in effect “renting” the Cerberus trojan. To no one’s surprise, Kaspersky found there’s a lot of interest in free Cerberus, and they reported an immediate spike in mobile device infections after the malware became available at no charge.
Cerberus Improved
As with much malware, Kaspersky finds the Cerberus trojan has improved over time, becoming more sophisticated and effective. The report finds the improvements include mechanisms to bypass 2FA (two-factor authentication) and to control devices remotely. A look at the free source code (called Cerberus v2) shows the trojan can send and steal SMS (text) verification codes that authenticate a user as part of the login process. Another improvement allows overlays on top of a mobile banking app page. These overlays are an exact duplicate of the true page, making them nearly impossible to detect, and they are designed to steal data like passwords, account numbers, and other PII (personally identifiable information). Keeping trojans like Cerberus away from a mobile banking app is possible as long as precautionary steps are carefully followed.
Protecting a Device from Malware Infection
- Always purchase apps from the official app store for each device, in this case, Google Play. Although not perfect, both Google and Apple scan apps for malware before making them available in their stores. Sideloading apps from third-party vendors is a serious risk since those vendors aren’t as diligent about looking for malware-infested apps, and these sites are a favorite haunt for hackers.
- Use antivirus software on all devices so that any trace of malware can be found and stopped from being activated, adding another layer of security.
- Always keep all apps and devices updated with the latest versions as soon as they are available. Updates often include fixes for security bugs and other flaws in operating systems and software. These updates can be a vital part of staying malware-free.