Dmitry Galov, an expert from Kaspersky Lab, said that the auction for the sale of the source code of the Android banking Trojan Cerberus evidently did not meet the expectations of the malware authors. As a result, according to ZDNet, the source code of the Cerberus banker was published for free for premium users on a popular Russian hack forum.
As a reminder, at the end of this summer we wrote, citing Bleeping Computer, about the sale of the Cerberus source code. The price started at $50,000, and the malware authors intended to hold an auction in increments of $1,000 (however, for $100,000, the malware could be purchased immediately and without bargaining).
“This price included the whole pack: from the source code to the list of customers, along with installation instructions and scripts for the cohesive work of the components. That is, the buyer could get the source code of the malicious APK, the module, as well as ‘keys’ from the admin panel and servers,” Bleeping Computer journalists said.
At the time, the seller claimed that the reason for selling the source code was simple: supposedly, the hack group that created Cerberus had disintegrated, and there was no one left to provide round-the-clock support. As a result, everything was put up for sale, including a customer base with an active license, as well as contacts of customers and potential buyers. At the same time, according to the seller, Cerberus brought its operators about $10,000 a month.
Galov has now announced that the source code of the banker is being distributed under the name Cerberus v2, and that this poses a great threat to smartphone users and the banking sector in general.
“It looks like any customer was ready to buy the Trojan even for $50,000,” said Dmitry Galov.
According to experts, since the publication of the source code there has already been an increase in mobile malware infections in Europe. At the same time, Galov noted that the previous operators of Cerberus preferred not to attack Russian users of mobile devices, but now the picture has changed significantly.
Cerberus was discovered by information security specialists in the summer of 2019. At the time, it was reported that the malware did not use any vulnerabilities and spread exclusively through social engineering.
The modular banker allows cybercriminals to establish full control over the infected device, and it also has the classic functions of such malware: overlays, SMS control and extraction of the contact list. In addition, at the beginning of this year, ThreatFabric experts wrote that the Trojan had learned to steal two-factor authentication codes generated by the Google Authenticator application.
Over the course of a year, the hack group behind the malware advertised its Trojan as a subscription service – it cost $12,000 a year (or $4,000 for 3 months, $7,000 for 6 months).