Hackers Launching Banking Trojan “Cerberus” to Attack Android Devices via Google Play

Researchers have detected the Cerberus Trojan hidden in an app called “Calculadora de Moneda”, which posed as a legitimate currency converter in the Google Play Store.

According to the security experts, this malicious app was designed for Spanish users. Although it seemed normal at first, its code concealed malware capable of stealing credentials from banking apps.

The app, developed by Thomas Zeitlhofer, has been on Google Play since last March and has already been downloaded more than 10,000 times.

Mobile malware has become a common threat, because we use our mobile devices not only to communicate with friends and relatives but also for entertainment and to manage financial accounts.

This app may have gone unnoticed because it hid its malicious intent for the first few weeks it was available in the store, so no unusual activity was detected. It was designed to download another third-party app onto the infected device, one intended to imitate a banking app without the user realizing it.

The attacker controls all of these actions through the C&C server, which instructs the app either to issue no commands, so that it evades users' notice, or to download the malware onto their device.

The Malicious Currency Converter App

The currency converter app includes code that turns it into a dropper through an update. Once users had updated the app, and the code had been downloaded and activated, it started installing an .APK, which was the Trojan itself.

Once the victim logs into their banking application, the Cerberus Trojan starts operating by replicating the main screen of that app. When the user enters their credentials, the malicious app intercepts them. It can also “read text messages and two-factor authentication details”.

Security experts at Avast reported that the malware was active only during the past Monday, July 6, after which it disappeared without a trace. Although the period was short, scammers often use this method to avoid detection, limiting the window in which malicious activity can be caught.

Mitigations to Protect Yourself From Mobile Banking Trojans

  • Before downloading and using any banking app, always verify that it is the genuine official app from the bank itself.
  • Always use two-factor authentication.
  • Download apps only from reliable stores like Google Play or Apple’s App Store.
  • Always check the ratings and comments of the apps that you want to download and use on your device.
  • Always pay attention to the permissions requested by the app.
  • Always use a security tool to add an extra layer of security to your device.
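
Because the article describes an app that became a dropper through an update, the permission check above is most useful when repeated per version. The following is an added example, not code from the article or from Avast: it compares two decoded AndroidManifest.xml files (plain XML, as a tool such as apktool produces) and reports risky permissions that only the update declares. The sample manifests, the package name and the mapping of permissions to behaviours are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Real Android permission names. Tying each one to a behaviour from the article
# is this example's assumption; the article does not list Cerberus's permissions.
RISKY = {
    "android.permission.REQUEST_INSTALL_PACKAGES": "can install a downloaded APK (dropper)",
    "android.permission.READ_SMS": "can read text messages, including 2FA codes",
    "android.permission.RECEIVE_SMS": "can intercept incoming text messages",
    "android.permission.SYSTEM_ALERT_WINDOW": "can draw over other apps' screens",
}

def declared_permissions(manifest_xml):
    """Return the permission names declared in a decoded AndroidManifest.xml string."""
    root = ET.fromstring(manifest_xml)
    names = (p.get(ANDROID_NS + "name") for p in root.iter("uses-permission"))
    return {n for n in names if n}

def risky_added_by_update(old_manifest, new_manifest):
    """Map each risky permission present only in the updated version to its reason."""
    added = declared_permissions(new_manifest) - declared_permissions(old_manifest)
    return {name: RISKY[name] for name in sorted(added) if name in RISKY}

# Constructed sample manifests for a hypothetical converter app, before and after an update.
OLD_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.converter">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

NEW_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.converter">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
</manifest>"""

if __name__ == "__main__":
    for name, reason in risky_added_by_update(OLD_MANIFEST, NEW_MANIFEST).items():
        print(f"update adds {name}: {reason}")
```

A currency converter has no functional need for either flagged permission, so their appearance in an update is a reason to review that version before it is allowed on managed devices.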


Balaji N

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
