Cerberus does not exploit any vulnerabilities and is distributed exclusively through social engineering. It allows attackers to establish full control over an infected device, and has functions of a classic banker, such as using overlays, SMS control, and extracting a contact list.
The author of this malware, who is very active on social networks in general and Twitter in particular, and openly makes fun of information security experts and the anti-virus industry, claims that the malware was written from scratch and does not use the code of any other banking Trojans.
“Author also states that the code is written from scratch and is not using parts of other existing banking Trojans unlike many other Trojans that are either based completely on another Trojan (such as the leaked Anubis source code that is now being resold) or at least borrow parts of other Trojans. After thorough analysis we can confirm that Cerberus was indeed not based on the Anubis source code”, ThreatFabric researchers confirm.
The virus writer also claims that he personally used Cerberus for his own operations for at least two years before deciding to lease the malware to everyone. Renting the banker costs $2,000 for a month, $7,000 for half a year, and up to $12,000 for a year.
In general, Cerberus has a fairly standard feature set. It is capable of:
After infection, Cerberus first hides its icon and then requests the rights it needs (through the Accessibility Service), masquerading as Flash Player.
Perhaps the most interesting feature of this malware is the method by which Cerberus avoids detection. The malware reads data from the accelerometer and, using a simple pedometer, can track whether the victim is moving.
This helps it avoid running on test devices or in a sandbox. As a result, the malware activates and begins to interact with the management server only after it has counted a certain number of steps.
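A triage sketch for the behaviour described above, added here as an example and not taken from ThreatFabric's analysis: it treats a silent run on a motionless sandbox as inconclusive when the app has registered for accelerometer data, and flags the combination of hidden icon, Accessibility request and network traffic that starts only after motion is injected. The trace layout, the event kinds, the `motion_replay_started` marker and the host name are constructed assumptions; only the Android API and intent names are real.

```python
# Constructed sandbox traces: (seconds since launch, event kind, detail).
# The tuple layout and event kinds are hypothetical, not a real sandbox format.
STATIONARY_RUN = [
    (1.2, "api", "PackageManager.setComponentEnabledSetting COMPONENT_ENABLED_STATE_DISABLED"),
    (1.9, "intent", "android.settings.ACCESSIBILITY_SETTINGS"),
    (2.4, "api", "SensorManager.registerListener TYPE_ACCELEROMETER"),
]
# Same sample, re-run with synthetic accelerometer data injected by the sandbox.
MOTION_RUN = STATIONARY_RUN + [
    (30.0, "sandbox", "motion_replay_started"),
    (95.5, "net", "connect c2.example.invalid:443"),  # placeholder host
]

def triage(events):
    """Return the set of findings for the behaviours the article describes."""
    findings = set()
    sensor_at = motion_at = first_net = None
    for ts, kind, detail in sorted(events):
        if kind == "api" and "setComponentEnabledSetting" in detail and "DISABLED" in detail:
            findings.add("hides_launcher_icon")
        elif kind == "intent" and detail == "android.settings.ACCESSIBILITY_SETTINGS":
            findings.add("requests_accessibility")
        elif kind == "api" and "registerListener" in detail and "TYPE_ACCELEROMETER" in detail:
            sensor_at = ts if sensor_at is None else sensor_at
        elif kind == "sandbox" and detail == "motion_replay_started":
            motion_at = ts if motion_at is None else motion_at
        elif kind == "net" and first_net is None:
            first_net = ts
    if sensor_at is not None:
        if first_net is None and motion_at is None:
            # No traffic on a motionless device is not evidence of a clean app.
            findings.add("inconclusive_rerun_with_motion")
        elif first_net is not None and motion_at is not None and first_net > motion_at > sensor_at:
            findings.add("network_only_after_motion")
    return findings

def verdict(events):
    """Map findings to an analyst action: rerun, suspicious or no_match."""
    found = triage(events)
    if "inconclusive_rerun_with_motion" in found:
        return "rerun"
    core = {"hides_launcher_icon", "requests_accessibility", "network_only_after_motion"}
    return "suspicious" if core <= found else "no_match"
```
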
Currently, ThreatFabric specialists have discovered several samples of phishing operations used by Cerberus to steal credentials and bank card information. The malware's targets include banking applications from France (7), the USA (7) and Japan (1), plus 15 more applications that are not related to banks (including Outlook, Yahoo, Twitter, WhatsApp, Telegram, Viber, Snapchat, WeChat, Uber).