Researchers have detected the Cerberus Trojan hidden in an app known as “Calculadora de Moneda” disguised as a legal currency converter in Google Play Store.

According to the security experts, this malicious app was designed for Spanish users. Though at first, it seemed normal, but, in reality, it covered a malware in its code that is capable of stealing credentials from banking apps.


Since last March, this malicious app is on Google Play, which is developed by Thomas Zeitlhofer, and it has already been downloaded more than 10,000 times.

Mobile malware has become a common threat today, as we do not use our mobile devices to communicate with our friends and relatives only, but also use them for entertainment and manage financial accounts as well.

This app may have gone overlooked because it hid its malicious intent for the first few weeks while it was available in the store; thus, no unusual activity was detected. This malicious app was designed to download another third-party app on the infected device that is intended to replicate a banking app without the users realizing it.

The attacker performs all these actions via the C&C server, which instructs the app not to issue any commands to evade the users and download the malware on their device.

The Malicious Currency Converter App 

The Currency converter app includes the code that remodels it into a dropper through an update. Once users updated the app, and it already had the code downloaded and activated, it starts the installation of an .APK, that was the Trojan itself.

Once the victim logs into their banking application, the Cerberus Trojan starts operating by replicating the main screen of this app. Here, when the user enters their credentials, they are intercepted by the malicious app. Even it also has the ability to “read text messages and two-factor authentication details” as well.

Security experts at Avast reported that the malware was active only during the past Monday, July 6, after which it disappeared without any trace. Although it was a short period, it’s a method that scammers often use to hide from detection to limit the time interval where malicious activity can be caught.

Mitigations to Protect Yourself From Mobile Banking Trojans

  • Before downloading and using any banking app, always verify the app, whether it’s a genuine official app from the bank itself.
  • Always use two-factor authentication.
  • Download apps from only reliable stores like Google Play or Apple’s App Store.
  • Always check the ratings and comments of the apps that you want to download and use on your device.
  • Always pay attention to the permissions requested by the app.
  • Always use a security tool to add an extra layer of security to your device.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Also Read: FAKESPY – An Android Malware steal SMS messages, Application, and Financial data Around the World

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.