Nasty Cerberus banking trojan found on Google Play Store


The Cerberus banking trojan was found in a currency converter app after Google’s Play Protect mechanism failed to identify the threat.


The infamous Cerberus banking trojan has been discovered stealing users’ banking credentials via a Spanish currency converter app (Calculadora de Moneda) available on the Google Play Store. The malicious application had already been downloaded 10,000 times since March.


The currency converter application, riddled with the nasty Cerberus, would steal users’ bank account details and, furthermore, bypass all security measures, including two-factor authentication. Prior to this, Cerberus incorporated an email phishing overlay to extract credit card information, banking credentials, and other sensitive, confidential information.


Cerberus infiltrates showing stealth capabilities


The Mobile Threat Labs team at Avast discovered that the infiltration was done in stages. Before starting any malicious activity, the Cerberus banking trojan would disguise itself as a genuine app, offering standard functionality for weeks to gain users’ trust. This stealth dodged Google’s Play Protect team as well.

In mid-June, a newer version of the currency converter application contained dropper code that would activate only upon instructions from the command and control server and then download an additional malicious Android application package (APK), called the banker-Cerberus. This was done without the victim’s knowledge.




Cerberus would sit over an existing banking application and wait for the user to log in and enter credentials. At this point, the Cerberus banking trojan activates and creates an overlay that steals all your informa ..
