17 September 2020

Source code of Cerberus banking trojan offered for free on underground forums

The team behind the Cerberus banking trojan has released its source code for free on hacking forums following a failed auction.

Cerberus is an Android RAT developed from scratch, which is able to conduct covert surveillance, intercept communications, modify device functionality, steal data including banking credentials, and hijack messages containing one-time passcodes (OTP) and two-factor authentication (2FA) codes. Cerberus emerged as a malware-as-a-service offering in August 2019, with its operators renting the malware for up to $12,000 per year, or $4,000 for a three-month period.

In July, the developers of Cerberus put the entire project up for auction because the crew was breaking up and no longer had the time to support the operation 24/7. The project, which included the trojan's source code (the malicious APK, the admin panel, and the C2 code) along with the customer list, the installation guide and the scripts that make the components work together, was offered at a starting price of $50,000 with a target price of $100,000. The seller claimed that Cerberus generated $10,000 in revenue per month. However, it seems there were no buyers for the project.

“Despite Cerberus' Russian speaking developers earmarking a new vision for the project in April this year, auctions for the source code began in late July due to the breakup of the development team. Due to an unclear culmination of factors, the author later decided to publish the project source code for premium users on a popular Russian-speaking underground forum,” said Dmitry Galov, a cybersecurity researcher at Kaspersky.

According to the researchers, the release of Cerberus' source code resulted in a spike in attacks against users in Russia and Europe, even though in the past Cerberus' clients had been discouraged from targeting Russian mobile device users.

“We continue to investigate all found artifacts associated with the code, and will track related activity. But, in the meantime, the best form of defense that users can adopt involves aspects of security hygiene that they should be practicing already across their mobile devices and banking security,” Galov added.
