Cerberus Android Banking Trojan is back with more power and benefiting from the
COVID-19 pandemic fear. It can by-pass Google Authenticator two-factor authentication which is considered more secure alternative to SMS. It spread via phishing or by an SMS link that usually say on the lines of "install this app and get ahead of Corona epidemic". After install it can steal sensitive information such as banking information, crypto wallets and with the availability of RAT it can also extract and pass data to its operators. It can extract data from non-banking apps like messaging applications installed on the victim's device such as Telegram, WhatsApp or Gmail. This information can later be exploited for ransom. It will send SMS and emails from the compromised devices which appear to come from the victim itself, which lead to its fast propagation. It can infect Android version from 4 to 10.
Cerberus Trojan Sample 1 Signatures
Family: PUA:Win32/Presenoker
MD5: 84da367dd962210f27858799fe25d79f
SHA256: 6363beadf56ad162bc58fa8f1c5393223cd94221af0b3b2e9db0d718c3fae085
Cerberus Trojan Sample 1 Download
Cerberus Trojan Sample 2 Signatures
Family: Trojan:AndroidOS/Cerberus.A!MTB
MD5: b8328a55e1c340c1b4c7ca622ad79649
SHA256: fe23b30a9296477557f027d4710e81eb1b08d65a1a83b6d81a4ed6128ed6e2a0
Cerberus Trojan Sample 2 Download