17 September 2020

Source code of Cerberus banking trojan offered for free on underground forums


The team behind Cerberus banking trojan has released its source code for free on hacking forums following a failed auction.

Cerberus is an Android RAT developed from scratch that can conduct covert surveillance, intercept communication, modify device functionality, steal data including banking credentials, and hijack messages containing one-time passcodes (OTP) and two-factor authentication (2FA) codes. Cerberus emerged as a malware-as-a-service offering in August 2019, with its operators renting the malware for up to $12,000 per year, or $4,000 for a three-month period.

In July, the developers of Cerberus put the entire project up for auction because the crew was breaking up and had no time to support the operation 24/7. The project, which included the trojan’s source code (the malicious APK, the admin panel, and C2 code) along with the customer list, the installation guide and scripts to make components work together, was offered for a starting price of $50,000 with the end goal of $100,000. The seller claimed that Cerberus generated $10,000 in revenue per month. However, it seems there were no buyers for the project.

“Despite Cerberus' Russian speaking developers earmarking a new vision for the project in April this year, auctions for the source code began in late July due to the breakup of the development team. Due to an unclear culmination of factors, the author later decided to publish the project source code for premium users on a popular Russian-speaking underground forum,” Dmitry Galov, a cybersecurity researcher at Kaspersky, said.

According to the researchers, the release of Cerberus' source code resulted in a spike in attacks against users in Russia and Europe, although in the past Cerberus' clients were not encouraged to strike Russian mobile device users.

“We continue to investigate all found artifacts associated with the code, and will track related activity. But, in the meantime, the best form of defense that users can adopt involves aspects of security hygiene that they should be practicing already across their mobile devices and banking security,” Galov added.
