How to Find Cerberus Banking Trojan? Here is the Guide

A new cyber alert called Cerberus Trojan, a malicious software, theatres a significant role in COVID-19 pandemic. This cybersecurity threat/attack primarily focuses on stealing financial data.

It comes in the form of Short Messaging Services (SMS) to the customers of a bank. On opening the link that comes with the SMS, the malicious software is installed.

From the moment of installation, it starts collecting sensitive data such as password, Credit card Number, Debit Card Number, CVV etc.

The Central Bureau of Investigation (CBI) has warned police and law enforcement agencies, as an alert has been received from the Interpol for the third time, since the wake of the coronavirus pandemic. 

Cerberus – Threat Analysis

Cerberus Trojan bypasses security measures and accesses text messages. 

Researches have reported that the trojan has been found within a few days, as it spread through a Spanish currency converter app (called “Calculadora de Moneda”), which has been available to Android users in Spain since March.

Once executed, this banking trojan has the capabilities to steal victims’ bank-account credentials and bypass security measures, including two-factor authentication (2FA).

This App acts very intelligently to avoid initial detection. The App paints a very legitimate picture as it is available on the Google play store.

Functionalities of Cerberus

The app possesses various credential theft and spying functionalities. It has the capacity to sit on an existing banking App and wait for the application to be accessed.

When the user opens the banking application, it immediately accesses the data. It also has the ability to read text messages. 

It can view two factor authentication (2FA) codes sent via messages.

Cerberus Trojan posing as Cryptocurrency App

Researches from Avast found Cerberus malware appearing on Google Play Store. The malware hid behind a cryptocurrency App. 

The malware basically attempts to steal user’s banking data, which the users would enter while converting their cryptocurrency to fiat money.

This also allowed the App to escape security checks by Google Play store.

Malware has disappeared but threat Persists

Though the active Cerberus trojan functionality appeared for a very short time,

The users must tread with caution while downloading any App, especially the ones dealing with sensitive information, such as bank details.

Remote Access Trojan (RAT) functionalities

The new samples detected include a RAT functionality that enables the total remote control of an infected device.

It acts as a Remote Access Trojan as well.

So, two new features have been introduced,

(i) Commands to access the device files.

(ii) Commands to start the official team viewer application to take full control of the device, including the user interface.

It includes new features, primarily designed to provide attackers with the tools necessary to control the device, remotely. 

On conversion into a Remote Access Trojan (RAT), Cerberus is renewed and reinforced, thereby requiring the strengthening of RAT detection measures.

Security Tips to avoid Cerberus Trojan,

  1. Be careful what you download, think twice about what you download or even plug into your device.
  2. Click on links that are from trusted sources. If you receive an email or text message from an unknown sender asking you to click on a suspicious link, beware and avoid interacting with the sender altogether. 
  3. Whether you are using a mobile banking app on your phone or browsing the Internet on your desktop, it’s important to safeguard all your devices with an extra layer of security. Use robust security software like McAfee Total protection so you can connect with confidence.

Finally,

We have discussed Cerberus and what are the security tips to avoid Cerberus. The Impact of this Trojan also we have seen. Hence, we need to be cautious of these types of attacks.

Here’s a few links of favorite resources on this topic..

  1. https://smartsecuritytips.com/smishing-and-vishing-quick-guide-to-be-alert/
  2. https://smartsecuritytips.com/twelve-indications-you-have-been-hacked/
  3. https://smartsecuritytips.com/guide-on-ransomware-attack-in-cyber-security/
  4. https://smartsecuritytips.com/magecart-attack-on-woocommerce/