The authors of the Android Cerberus banking trojan are auctioning the project for a price starting at $50,000, with $100K the deal could be immediately closed.
The authors of the notorious Cerberus Android banking trojan are auctioning their project for a price starting at $50,000, but buyers could close the deal for $100,000.
The overall project includes the source code of the components (the malicious APK, the admin panel, and C2 code), the installation guide, a collection of scripts for the setup and a customer list with an active license, along with contacts for customers and potential buyers.
The malware-as-a-service Cerberus has emerged in the threat landscape in August 2019, it is an Android RAT developed from scratch that doesn’t borrow the code from other malware.
According to researchers at Threat Fabric who first analyzed the malicious code, Cerberus implements features similar to other Android RAT, it allows operators to full control over infected devices.
The malware implements banking Trojan capabilities such as the use of overlay attacks, the ability to intercept SMS messages and access to the contact list.
- taking screenshots
- recording audio
- recording keylogs
- sending, receiving, and deleting SMSes,
- stealing contact lists
- forwarding calls
- collecting device information
- Tracking device location
- stealing account credentials,
- disabling Play Protect
- downloading additional apps and payloads
- removing apps from the infected device
- pushing notifications
- locking device’s screen
The author of this malware is very active on Twitter and mocks security firms claiming to have avoided the detection for at least two years.
In February, the authors implemented the ability to steal 2FA code from the Google Authenticator app abusing the Accessibility Privileges.
In the last months, the maintainers of the Cerberus Trojan were offering their bot for rent for up to $12,000 per year, while they also offered a license for $4,000/3 months and $7,000/6 months.
“The maintainer of Cerberus banking trojan for Android is auctioning the entire project for a price starting at $50,000 or close the deal for double the money.” reported BleepingComputer.
“According to a post from the seller on a Russian-speaking underground forum, the business is currently generating $10,000 every month.”
The maintainers of the Cerberus Android Trojan decided to sell the source code because the group split up and they have no time to provide 24/7 support.
(SecurityAffairs – hacking, Cerberus)