
A New Android ‘Banking Malware For Rent’ Emerges

August 14, 2019

After a few popular Android Trojans like Anubis, Red Alert 2.0, GM bot, and Exobot quit their malware-as-a-service businesses, a new player has emerged on the Internet with similar capabilities to fill the gap, offering an Android bot rental service to the masses.

Dubbed “Cerberus,” the new remote access Trojan allows remote attackers to take total control over the infected Android devices and also comes with banking Trojan capabilities like the use of overlay attacks, SMS control, and contact list harvesting.

According to the author of this malware, who is surprisingly social on Twitter and openly mocks security researchers and the antivirus industry, Cerberus has been coded from scratch and doesn’t re-use any code from other existing banking Trojans.

The author also claimed to have used the Trojan for private operations for at least two years before starting, two months ago, to rent it out to anyone interested at $2000 for 1 month of usage, $7000 for 6 months and up to $12,000 for 12 months.

Cerberus Banking Trojan: Features

According to security researchers at ThreatFabric who analyzed a sample of the Cerberus Trojan, the malware has a pretty common list of features, like:

  • taking screenshots
  • recording audio
  • recording keylogs
  • sending, receiving, and deleting SMSes
  • stealing contact lists
  • forwarding calls
  • collecting device information
  • tracking device location
  • stealing account credentials
  • disabling Play Protect
  • downloading additional apps and payloads
  • removing apps from the infected device
  • pushing notifications
  • locking the device’s screen

Once infected, Cerberus first hides its icon from the application drawer and then asks for the accessibility permission by masquerading itself as Flash Player Service. If granted, the malware automatically registers the compromised device to its command-and-control server, allowing the buyer/attacker to control the device remotely.

To steal users’ credit card numbers, banking credentials and passwords for other online accounts, Cerberus lets attackers launch screen overlay attacks from its remote dashboard.

In a screen overlay attack, the Trojan displays an overlay on top of legitimate mobile banking apps and tricks Android users into entering their banking credentials into the fake login screen, just like a phishing attack.

“The bot abuses the accessibility service privilege to obtain the package name of the foreground application and determine whether or not to show a phishing overlay window,” the researchers said.

According to researchers, Cerberus already contains overlay attack templates for a total of 30 unique targets, including:

  • 7 French banking apps
  • 7 U.S. banking apps
  • 1 Japanese banking app
  • 15 non-banking apps

Cerberus Uses Motion-based Evasion Tactic

Cerberus also uses some interesting techniques to evade detection from antivirus solutions and prevent its analysis, like using the device accelerometer sensor to measure movements of the victim.

The idea is straightforward—as a user moves, their Android device usually generates some amount of motion sensor data. The malware monitors the user’s steps through the device motion sensor to check if it is running on a real Android device.

“The Trojan uses this counter to activate the bot—if aforementioned step counter hits the pre-configured threshold it considers running on the device to be safe,” the researchers explain.

“This simple measure prevents the Trojan from running and being analyzed in dynamic analysis environments (sandboxes) and on the test devices of malware analysts.”

If the device produces no sensor data, the malware assumes it is running in a malware-scanning sandbox, that is, an emulator with no motion sensors, and will not run the malicious code.

However, this technique is also not unique and has previously been implemented by the popular Android banking Trojan ‘Anubis’.

It should be noted that Cerberus malware does not exploit any vulnerability to get automatically installed on a targeted device in the first place. Instead, the malware installation relies on social engineering tactics.

Therefore, to avoid falling victim to such malware threats, be careful about what you download on your phone, and definitely think thrice before side-loading apps as well.


Credit: The Hacker News By: noreply@blogger.com (Swati Khandelwal)
