Skip to main content

Posts

Showing posts from August, 2019

Cerberus - A new banking Trojan from the underworld

Intro In June 2019, ThreatFabric analysts found a new Android malware, dubbed "Cerberus", being rented out on underground forums. Its authors claim that it was used for private operations for two years preceding the start of the rental. They also state that the code is written from scratch and is not using parts of other existing banking Trojans, unlike many other Trojans that are either based completely on the source of another Trojan (such as the leaked Anubis source code that is now being resold) or at least borrow parts of other Trojans. After a thorough analysis, we can confirm that Cerberus was indeed not based on the Anubis source code. One peculiar thing about the actor group behind this banking malware is that they have an "official" Twitter account that they use to post promotional content (even videos) about the malware. Oddly enough they also use it to make fun of the AV community, sharing detection screenshots from VirusTotal (thus leaking IoC) an