Cerberus: A New Android ‘Banking Malware For Rent’ Emerges


After a few popular Android Trojans like Anubis, Red Alert 2.0, GM Bot, and Exobot quit their malware-as-a-service businesses, a new player has emerged on the Internet with similar capabilities to fill the gap, offering an Android bot rental service to the masses.

Dubbed “Cerberus,” the new remote access Trojan allows remote attackers to take total control over the infected Android devices and also comes with banking Trojan capabilities like the use of overlay attacks, SMS control, and contact list harvesting.

According to the author of this malware, who is surprisingly social on Twitter and openly mocks security researchers and the antivirus industry, Cerberus has been coded from scratch and doesn’t reuse any code from other existing banking Trojans.

The author also claims to have used the Trojan in private operations for at least two years before renting it out, for the past two months, to anyone interested at $2,000 for one month of usage, $7,000 for six months and $12,000 for 12 months.

Cerberus Banking Trojan: Features

According to security researchers at ThreatFabric who analyzed a sample of the Cerberus Trojan, the malware has a fairly common list of features, like:

  • taking screenshots
  • recording audio
  • logging keystrokes
  • sending, receiving, and deleting SMS messages
  • stealing contact lists
  • forwarding calls
  • collecting device information
  • tracking device location
  • stealing account credentials
  • disabling Play Protect
  • downloading additional apps and payloads
  • removing apps from the infected device
  • pushing notifications
  • locking the device’s screen

Once installed, Cerberus first hides its icon from the application drawer and then asks for the accessibility permission, masquerading as a “Flash Player Service.” If the permission is granted, the malware automatically registers the compromised device with its command-and-control server, allowing the buyer/attacker to control the device remotely.

To steal users’ credit card numbers, banking credentials and passwords for other online accounts, Cerberus lets attackers launch screen overlay attacks from its remote dashboard.

In a screen overlay attack, the Trojan displays an overlay on top of a legitimate mobile banking app and tricks the Android user into entering their banking credentials into the fake login screen, just like a phishing attack.

“The bot abuses the accessibility service privilege to obtain the package name of the foreground application and determine whether or not to show a phishing overlay window,” the researchers said.
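Because the overlay logic and the C2 registration both hinge on the accessibility privilege, a useful triage step on a suspect handset is to list which third-party packages currently hold an enabled accessibility service. The helper below is an added example, not code from the article or from ThreatFabric; it parses the real output formats of `settings get secure enabled_accessibility_services` (colon-separated component names, or `null` when unset) and `pm list packages -3`, and the device output embedded in it is constructed for offline use. The package name `com.flash.player.update` is a made-up placeholder, not an indicator from the page.

```python
"""Triage helper: third-party packages holding an enabled accessibility service.

Added example (not the article's or ThreatFabric's code). The sample device
output below is constructed; the package names in it are placeholders.
"""
import subprocess


def parse_enabled_accessibility_services(raw):
    """Parse the secure setting `enabled_accessibility_services`.

    Android stores it as a colon-separated list of component names,
    e.g. "com.a/.SvcA:com.b/com.b.SvcB". `settings get` prints "null"
    when the setting has never been written.
    """
    raw = raw.strip()
    if not raw or raw == "null":
        return {}
    services = {}
    for component in raw.split(":"):
        if "/" not in component:
            continue  # skip malformed entries rather than crash the triage
        package, service = component.split("/", 1)
        services.setdefault(package, []).append(service)
    return services


def parse_third_party_packages(raw):
    """Parse `pm list packages -3` output: one "package:<name>" per line."""
    packages = set()
    for line in raw.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            packages.add(line[len("package:"):])
    return packages


def suspicious_accessibility_apps(enabled_raw, third_party_raw, allowlist=()):
    """Return {package: [services]} for third-party packages, not on the
    allowlist, that currently hold accessibility privileges."""
    enabled = parse_enabled_accessibility_services(enabled_raw)
    third_party = parse_third_party_packages(third_party_raw)
    return {pkg: svcs for pkg, svcs in enabled.items()
            if pkg in third_party and pkg not in allowlist}


def adb_shell(cmd):
    """Run a shell command on the connected device (requires adb in PATH)."""
    return subprocess.run(["adb", "shell", cmd], capture_output=True,
                          text=True, check=True).stdout


# Constructed sample output standing in for a real device.
SAMPLE_ENABLED = ("com.example.screenreader/.ReaderService:"
                  "com.flash.player.update/com.flash.player.update.Svc")
SAMPLE_THIRD_PARTY = ("package:com.flash.player.update\n"
                      "package:com.bank.mobile\n"
                      "package:com.example.screenreader\n")

if __name__ == "__main__":
    try:
        enabled_raw = adb_shell("settings get secure enabled_accessibility_services")
        third_raw = adb_shell("pm list packages -3")
    except (FileNotFoundError, subprocess.CalledProcessError):
        enabled_raw, third_raw = SAMPLE_ENABLED, SAMPLE_THIRD_PARTY  # offline fallback
    known_good = {"com.example.screenreader"}  # e.g. a legitimate screen reader
    for pkg, svcs in suspicious_accessibility_apps(enabled_raw, third_raw, known_good).items():
        print(f"{pkg}: {', '.join(svcs)}")
```

Any hit that is not a known assistive tool deserves a closer look, especially alongside the other behaviour the article describes (a launcher icon that has vanished from the drawer, an app that calls itself a Flash Player update).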


According to researchers, Cerberus already contains overlay attack templates for a total of 30 unique targets, including:

  • 7 French banking apps
  • 7 U.S. banking apps
  • 1 Japanese banking app
  • 15 non-banking apps

Cerberus Uses Motion-based Evasion Tactic

Cerberus also uses some interesting techniques to evade detection by antivirus solutions and to hinder analysis, such as using the device’s accelerometer to measure the victim’s movements.

The idea is straightforward—as a user moves, their Android device usually generates some amount of motion sensor data. The malware monitors the user’s steps through the device motion sensor to check if it is running on a real Android device.

“The Trojan uses this counter to activate the bot—if aforementioned step counter hits the pre-configured threshold it considers running on the device to be safe,” the researchers explain.

“This simple measure prevents the Trojan from running and being analyzed in dynamic analysis environments (sandboxes) and on the test devices of malware analysts.”

If the device produces no motion sensor data, the malware assumes it is running in an emulator or malware-scanning sandbox with no motion sensors and does not run its malicious code.

This technique is not unique, however; it was previously implemented by the popular Android banking Trojan Anubis.
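The practical consequence for analysts is that a sandbox must feed the sample believable motion data, or the bot never activates and the dynamic run records nothing. The script below is an added, analyst-side model of the gate the researchers describe, not code from Cerberus or from ThreatFabric: the step-detection heuristic (a low-to-high crossing of acceleration magnitude) and the threshold of 30 steps are assumptions, since the page gives neither. It shows that a stock emulator’s constant gravity vector never trips the counter, while a synthetic walking signal with enough cycles does, which is the check to run against a sandbox’s sensor emulation before analysing a motion-gated sample.

```python
"""Model of a step-count activation gate, used to validate sandbox sensor feeds.

Added example, not the malware's or ThreatFabric's code. The detection
heuristic and STEP_THRESHOLD are assumptions; the page states neither.
"""
import math

STEP_THRESHOLD = 30       # assumed pre-configured threshold (not on the page)
GRAVITY = 9.81            # m/s^2, magnitude seen by a motionless device


def count_steps(samples, peak=11.0, trough=8.5):
    """Crude pedometer: one step per swing from below `trough` to above `peak`.

    `samples` is an iterable of (x, y, z) accelerometer readings in m/s^2.
    """
    steps = 0
    above = False
    for x, y, z in samples:
        magnitude = math.sqrt(x * x + y * y + z * z)
        if not above and magnitude > peak:
            above = True
            steps += 1
        elif above and magnitude < trough:
            above = False
    return steps


def bot_would_activate(samples, threshold=STEP_THRESHOLD):
    """The gate as described: activate only once the counter hits the threshold."""
    return count_steps(samples) >= threshold


def emulator_feed(n_samples):
    """A stock emulator with no motion: the gravity vector and nothing else."""
    return [(0.0, 0.0, GRAVITY)] * n_samples


def synthetic_walk(n_steps, samples_per_step=10):
    """Sandbox-side synthetic walking signal: gravity plus a bounce of +/-3 m/s^2
    per stride, with small lateral sway, so each stride yields one peak/trough."""
    out = []
    for i in range(n_steps * samples_per_step):
        phase = 2 * math.pi * (i % samples_per_step) / samples_per_step
        out.append((0.3 * math.sin(phase),
                    0.2 * math.cos(phase),
                    GRAVITY + 3.0 * math.sin(phase)))
    return out


def sandbox_feed_is_sufficient(samples):
    """True if this feed would carry a motion-gated sample past activation."""
    return bot_would_activate(samples)


if __name__ == "__main__":
    idle = emulator_feed(1000)
    walk = synthetic_walk(40)
    print("idle emulator steps:", count_steps(idle), "activates:", bot_would_activate(idle))
    print("synthetic walk steps:", count_steps(walk), "activates:", bot_would_activate(walk))
```

Real sandboxes do this by replaying recorded sensor traces or by driving the emulator’s virtual sensors; the point of the model is only to confirm, before a run, that whatever feed is configured actually accumulates enough steps to clear the gate.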

It should be noted that Cerberus malware does not exploit any vulnerability to get automatically installed on a targeted device in the first place. Instead, the malware installation relies on social engineering tactics.

Therefore, to protect yourself from such malware, be careful about what you download onto your phone and think very carefully before side-loading apps from outside the official store.

The Federal Reserve might as well use carrier pigeons

In the early 1760s, Mayer Rothschild began building a banking dynasty that would last for centuries.

The elder Rothschild sent his five sons across Europe to establish banks in cities like Paris and London.

One son, Nathan Rothschild, took the lead and expanded the family’s banking dynasty.

With siblings in different countries, the family now had a trusted network of lenders with whom they could finance large government projects like infrastructure and war.


To quicken the pace of their financial transactions, the brothers used a network of carrier pigeons to send messages to one another across Europe.

This allowed them to quickly react to financial news from other markets. That way they could always be the first in a local market to respond to news from abroad.

Bad news in Paris markets could be sent by pigeon to London, where Nathan could sell a stock that would be negatively affected.

Things have gotten a lot faster these days.

Scientists have discovered how to accelerate an ion to 99.9999% of the speed of light.

The Internet allows us to speak to someone across the globe, instantaneously, at any time of day or night.

We’re even on the verge of commercial space flights. By 2023, SpaceX plans to send a Japanese billionaire around the moon.

And yet, despite all this speed, it can still take several DAYS to send money from one person to another using the traditional banking system.

Rather humorously, the Federal Reserve announced last week that a ‘real time’ payment system would be (hopefully) released in about FOUR YEARS’ time.

Bear in mind that companies like PayPal that allow for real time payments have been around for 20 years. Cryptocurrencies like Bitcoin have been around for more than a decade.

And now, FINALLY, the Federal Reserve might get around to implementing the same thing.

This is pretty crazy when you think about it. The Fed is supposed to be leading the way in banking; they’re the top regulator and largest central bank in the world.

But they’re hilariously far, far behind the rest of the industry.

Domestic money transfers in the United States rely on the ‘ACH’ payment network to send and receive money.

If your paycheck is direct deposited into your bank account, or mortgage payment automatically deducted, these typically use ACH.

ACH payments take 2-3 DAYS to clear. That’s totally insane in this day and age. Seriously, the Rothschilds’ network of carrier pigeons didn’t even take that long.

And if you’ve ever dealt with international financial transactions, you have probably heard of the SWIFT network.

SWIFT is a worldwide banking network that allows financial institutions to ‘securely’ send and receive messages about wire transfers and payments.

I’m putting ‘securely’ in quotes because the system has been hacked a number of times. And it runs on pathetically outdated technology.

As many readers know, I own a bank. And I’ll never forget when we joined SWIFT, they told us that in order to run some of their software we needed to install an obsolete version of Windows that Microsoft stopped supporting years ago.

Seriously? This is the ‘secure’ system that is responsible for trillions of dollars of worldwide financial transactions?

Nearly every major worldwide banking authority is playing a pitiful game of catch-up with non-bank technology companies that have developed vastly superior ways to conduct financial transactions.

Think about it: nearly every single function of a bank (deposits, loans, foreign exchange, payments) can be done better, faster, and cheaper outside of the banking system.

You can hold money in the Blockchain (or even something low-tech like T-bills, which pay 100x more interest than your bank account. Or gold.). You can borrow money from peer-to-peer websites. You can send money with firms like Venmo or TransferWise.

Banks are becoming useless antiques. And by the time the Federal Reserve has figured out how to make real time payments, I expect the technology at that time will have leapfrogged their best efforts.

Facebook could easily have hundreds of millions of people using its digital currency Libra within 12 months.

So sending money could become as easy as sending an email, all without using a bank, and three years before the Fed joins the 21st century.

