Malware author releases the Cerberus banking Trojan source code after failing to elicit a response from bidders
In July 2020, we reported that the hacking group behind the Cerberus banking Trojan had split up over internal differences. After the disagreement led to infighting, the group decided to put the source code of the Cerberus banking Trojan up for sale on Russian hacking forums. However, their asking price of $100,000 for the Cerberus banking Trojan was quite high and failed to draw any response from cybercriminals.
Now, following the failed auction, the hacking group has released the source code of the Cerberus banking Trojan as a free download on various dark web hacking forums. Security researcher Dmitry Galov of Kaspersky says that the hacking group has leaked the source code of the malware Cerberus v2.
The Cerberus banking Trojan is malware that hides behind legitimate Android apps. It is specifically designed for the Google Android operating system and has been in circulation since July 2019. The Cerberus banking Trojan can spy, intercept messages, and steal data, including banking credentials, by creating overlays on existing banking, retail, and social networking apps.
Once the app manages to bypass Google’s security barriers and gets listed on Google Play, it is downloaded by the victim and actually acts as a legitimate and useful utility app. However, Avast security researchers noticed that it lies dormant until it is activated by its command and control servers. Once it is executed, the malware creates an overlay across existing banking and financial apps. Cerberus will lurk in the background, waiting for a user to input their account credentials, which are then stolen and sent to the hacking group’s command and control server.
Avast has noted that the malware is sophisticated enough to read your text messages — often used to deliver one-time passcodes (OTP) — as well as grab two-factor authentication (2FA) details. These security measures are intended to further protect our online banking sessions, but Cerberus can circumvent these controls.
The hacking group that operated the Cerberus banking Trojan had put the malware up for sale on Russian hacking forums at a reserve price of $50,000, with the aim of generating up to $100,000. The malware package included the malware APK source code, client list, servers, and code for administrator panels. The auctioneer claimed that Cerberus generated $10,000 in revenue per month. However, there were no bidders at this price, so the operators decided to release the source code of the Cerberus banking malware, called Cerberus v2, for free.