Speaking at the Kaspersky NEXT 2020 event, Kaspersky Lab expert Dmitry Galov said that the auction of the source code for the Android banking Trojan Cerberus apparently did not meet the expectations of the malware's authors. As a result, the source code was published for free for premium users of a popular Russian-language hack forum, ZDNet reports.
As a reminder, at the end of this summer we wrote about the sale of the Cerberus source code. The price started at $50,000, and the malware authors intended to hold an auction in increments of $1,000 (for $100,000, however, the malware could be purchased immediately and without bargaining). This price included everything at once: from the source code to the list of customers, along with installation instructions and scripts for making the components work together. That is, the buyer could get the source code of the malicious APK, the module, as well as the "keys" to the admin panel and servers.
At the time, the seller claimed that the reason for the sale was simple: supposedly, the hack group that created Cerberus had disintegrated, and there was no one left to provide round-the-clock support. As a result, everything was put up for sale, including the base of customers with active licenses, as well as the contacts of customers and potential buyers. According to the seller, Cerberus was bringing its operators about $10,000 a month.
Galov has now announced that the banker's source code is being distributed under the name Cerberus v2, and that this poses a great threat to smartphone users and the banking sector in general. It seems that no one was willing to buy the Trojan even for $50,000.
According to experts, an increase in mobile malware infections has already been observed in Europe and Russia since the source code was published. Galov also noted that the previous operators of Cerberus preferred not to attack Russian users of mobile devices, but now the picture has changed significantly.
Cerberus was discovered by information security specialists in the summer of 2019. At the time, it was reported that the malware does not use any vulnerabilities and spreads exclusively through social engineering.
The modular banker allows cybercriminals to establish full control over the infected device, and it also has the classic functions of such malware: overlays, SMS control, and extraction of the contact list. In addition, at the beginning of this year ThreatFabric experts wrote that the Trojan had learned to steal two-factor authentication codes generated by the Google Authenticator application.
Throughout the year, the hack group behind the malware advertised its Trojan as a subscription service: it cost $12,000 a year (or $4,000 for 3 months, $7,000 for 6 months).