Cerberus malware source code made available for free by creator

The intention was to auction Cerberus' source code online. Due to "an accumulation of factors," the creator decided to offer his program for free on a Russian platform mainly frequented by hackers. Since then, security specialists have seen an increase in the number of rogue applications for smartphones.

VPN Guide September 17, 2020

So said Dmitry Galov, cybersecurity researcher at Kaspersky, at the Kaspersky NEXT 2020 forum, ZDNet reported.

What is Cerberus?

Cerberus is a so-called Remote Access Trojan (RAT) developed for Android phones. A Trojan is a form of malware that allows hackers to access your device through a backdoor. Remote Access means criminals can remotely invade your smartphone, computer or other device, with dire consequences.

Cerberus was designed to secretly collect users' personal and sensitive information, intercept messages, and tamper with smartphone functionality. The malware was mainly deployed to collect bank account numbers and identity or authentication data. What makes Cerberus so dangerous is that it is able to bypass two-factor authentication (2FA) and steal generated one-time passcodes (OTPs).

In July, Cerberus struck hard in the Google Play Store. Security researchers at Avast discovered a currency converter application in the Play Store. It had been approved by Google and initially posed no problem, until the creators rolled out an update containing Cerberus. A large number of users then suddenly had malware on their smartphones.

Cerberus auction canceled, source code put online for free

Cerberus was initially offered as a service, known as Malware-as-a-Service (MaaS). Hackers paid a fee ranging from $4,000 to $12,000 to use the "service."

Kaspersky security specialist Galov says disagreements arose in Cerberus' developer team in April. Employees, he says, disagreed over the future of the malware. To end this disagreement, the team agreed to auction off the APK source code along with the client list, servers and administrator panel access codes. The goal was to raise $100,000 by doing so. The auctioneer said Cerberus generated an average of $10,000 in revenue each month.

But due to an "unclear accumulation of factors," the creator decided to stop auctioning off the source code and publish it for free online on a Russian underground forum, Galov says. He says releasing the source code had immediate consequences. For example, Kaspersky found that new infections were immediately reported in Europe and Russia.

Security expert expects numerous Cerberus variants

The developer who came up with Cerberus no longer has to worry. According to Galov, the worries for us really begin now. According to the security expert, we can expect an increase in applications equipped with Cerberus in the near future. Not only that: it is also obvious that we can expect all kinds of variants of this malware, with diverse applications.

"We will continue to investigate all applications associated with the Cerberus code and related activities," Galov promises. "But in the meantime, applying cybersecurity best practices for your mobile devices and banking security is the best way to defend yourself."
