According to the publication in Bleeping Computer, the source code of the Android banking Trojan Cerberus is put up for sale on a Russian- hacker forum.
The price starts at $50,000, and the malware authors intend to hold an auction in increments of $1,000 (however, for $100,000, malware can be purchased immediately and without bargaining).This price includes a full package of services: from the source code, to the list of customers, along with installation instructions and scripts for component collaboration. That is, the buyer will receive the source code of the malicious APK, the module, as well as “keys” from the admin panel and servers.
A price tag of $100,000 for a piece of malware like Cerberus is likely to attract sophisticated threat actors with capabilities to maintain and improve the project”, — reported to Bleeping Computer journalists Alon Gal, CTO of cybercrime intelligence firm Hudson Rock.
Let me remind you that information security specialists detected the Cerberus malware in the summer of 2019. Then it was reported that he does not use any vulnerabilities and is distributed exclusively through social engineering.
The malware allows cybercriminals to establish full control over an infected device,and has classic banking functions such as using overlays, SMS control, and extracting contact lists.
In addition, at the beginning of this year, ThreatFabric experts wrote that the Trojan learned to steal two-factor authentication codes generated by the Google Authenticator application. Moreover, Google Authenticator completely ignored a dangerous vulnerability that Cerberus has been using for a long time.
Cerberus bot has extensive functionality, being able to spoof notifications from the banking service present on the device to prompt the victim to type in login credentials, and steal two-factor authentication codes, run any installed apps”, — reported ThreatFabric researchers.
During the year, the hack group behind the malware advertised its Trojan as a subscription service – its cost was $12,000 a year (or $4,000 for 3 months, $7,000 for 6 months). Cerberus currently brings roughly $10,000 a month to its carriers, according to a vendor post on a hacker forum.
The seller writes that the reason for selling the source is simple: supposedly, the hack group that created Cerberus has disintegrated, and no one can provide round-the-clock support. As a result, everything was put up for sale, including a customer base with an active license, as well as contacts of customers and potential buyers.
