The source code for a popular Android banking malware strain has been released online via public forums, raising fears of attacks coming soon.
According to analysts at security firm Kaspersky, the operators of the Cerberus trojan originally attempted to auction off the code to other cybercriminal syndicates, but have now abandoned the material online for anyone to use.
As a result, researchers have witnessed an immediate spike in the number of mobile infections, as cybercriminals harness the complex and sophisticated Android malware to defraud users across Europe.
Android malware
First identified in mid-2019, the Cerberus trojan was originally distributed on underground forums as a malware-as-a-service (MaaS) offering. In other words, any cybercriminal that wished to utilize the banking malware to launch attacks against consumers could pay what essentially amounted to a subscription fee.
According to Kaspersky, the malware has also grown in sophistication since it first hit the scene, with the introduction of mechanisms to bypass two-factor authentication (2FA) and control devices remotely.
Analysis of the source code available online – referred to as Cerberus v2 – shows the trojan is also now able to send and steal SMS codes and launch rigged overlays that sit atop mobile banking applications.
“Cerberus is dead…long live Cerberus. Kaspersky’s findings regarding Cerberus v2 are a warning to everyone impacted by Android security and Android banking security in particular,” said Dmitry Galov, Security Researcher at Kaspersky.
“We’re already seeing an increase in attacks on users since the source code was published. It’s not the first time we’ve seen something like this happen, but this boom of activity since the developers abandoned the project is the biggest developing story we’ve tracked for a while.”
Kaspersky continues to investigate the threat posed by the new edition of Cerberus, but has advised users to take important precautionary measures in the meantime.
To mitigate against the threat posed by Cerberus, the firm claims Android users should download applications from reputable shop fronts (e.g. Google Play Store) only, install system and application updates promptly and use an Android antivirus service for an added layer of protection.