Cerberus

Posted: August 15, 2019

Cerberus Description

Cerberus is a banking Trojan that infects Android devices to compromise their users' bank accounts. Since the threat is being rented out to other criminals on the dark Web, its infection vectors could vary between attacks. Users should turn off Internet connections and delete Cerberus with an appropriate anti-malware product immediately, before changing their passwords and other credentials.

The Dog from Hades Gets into Thievery

Although Cerberus is, in Greek myth, a guard dog, a new, entrepreneurial threat actor is putting an ironic spin on the name. The dev team's project, the Cerberus banking Trojan, specializes in collecting data from bank accounts and hijacking transactions, which it does through conventional overlay attacks. Other aspects of Cerberus's operations and history do a surprisingly good job of setting it apart from the generic, Anubis code-based Trojans of yore.

First and foremost, Cerberus's threat actor is behaving unusually casually for people in an illicit business. They use social media to taunt the cyber-security community, even to the point of exposing some minor aspects of their Trojan's design in screenshots, and maintain a consistent stream of promotional material for any prospective clients. Although Cerberus doesn't offer all of the most sophisticated features of some banking Trojans, such as reverse proxy or RAT capabilities, the Trojan is uniquely designed, without relationships to old threats. This trait can enhance its appeal in the underground market.

Cerberus lacks some attack functions but includes a range of others, such as:

  • Cerberus can run a keylogger that records typed information into an uploadable text file.
  • Cerberus can harvest the user's contact lists for addresses.
  • Cerberus can send SMS messages or make calls (after gaining initial permission from the user during its setup).

However, all of these are, arguably, less vital than Cerberus's overlay, which places a transparent graphical layer on top of the user's browser. This feature assists with compromising bank accounts and transactions, although, for now, Cerberus is limiting itself to a highly curated list of banking businesses, most of which are in France or the United States.

Banishing a Money-Gnawing Hound Back to Hell

The creativity of Cerberus's threat actor concerns more than social media platforms like Twitter. They also express some unorthodox, problem-solving ideas in their anti-detection features. Cerberus, like most banking Trojans, includes protection against analysis environments and sandboxes. However, it does so by tracking the user's footsteps through an accelerometer; in other words, a non-mobile or simulation environment never triggers the botnet functions. This feature only works due to Cerberus's Android-specific environmental preferences.

The first permission request of Cerberus's installation is the most visible evidence of its presence that a victim will acquire before worse attacks commence. As a general rule, users should avoid granting permissions to applications before verifying their safety. Once Cerberus has this approval, it can give more permissions to itself without needing any more consent.
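
A permission audit in the spirit of the advice above, as an added example that is not part of the original article: it parses a decoded AndroidManifest.xml and reports which of the capabilities listed earlier an app requests. The capability-to-permission mapping, the accessibility-service check, and the sample manifest are assumptions of this example; the article names no specific permissions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Capability from the article -> Android permission that enables it.
# This mapping is the example's assumption; the article names no permissions.
CAPABILITIES = {
    "send SMS": {"android.permission.SEND_SMS"},
    "make calls": {"android.permission.CALL_PHONE"},
    "read contacts": {"android.permission.READ_CONTACTS"},
}
ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"


def audit_manifest(xml_text):
    """Return the sorted list of article-listed capabilities a manifest requests."""
    root = ET.fromstring(xml_text)
    requested = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    found = [cap for cap, perms in CAPABILITIES.items() if perms & requested]
    # An accessibility service is declared on <service>, not via <uses-permission>.
    for svc in root.iter("service"):
        if svc.get(ANDROID_NS + "permission") == ACCESSIBILITY:
            found.append("accessibility service")
            break
    return sorted(found)


def needs_review(found):
    """Accessibility combined with SMS, call or contact access warrants a manual look."""
    return "accessibility service" in found and len(found) > 1


# Constructed sample manifest (hypothetical package), in decoded text form.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".Svc"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    result = audit_manifest(SAMPLE)
    print(result, "-> review" if needs_review(result) else "-> ok")
```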

Android-compatible anti-malware services should delete Cerberus as a threat, although the Trojan does take steps against Google-brand solutions like Play Protect, which users shouldn't depend on solely.

Cerberus is coming into the Internet at a rocky time for the banking Trojan sector and leveraging psychological tools to its benefit. Although its bite is narrowly aimed, there's no telling what else it may target as 2019 changes seasons.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Cerberus may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.
