New version of the Cerberus banking Trojan targets Spanish and Latin American entities

Posted by buguroo - 17/10/2019

At the beginning of September there were new samples of the Android 'Cerberus' banking Trojan detected. This banking malware has been gaining popularity little by little since its launch in June 2019.

Its developers do not distribute the samples directly to infect victims. Rather, they sell the Trojan in an 'underground' forum and it is their customers who, through an automated tool, build the malicious APK that they will distribute to their victims. This is why not all samples affect the same entities, as it depends on each buyer’s objective.

Trojan developers have even created a Twitter account (https://twitter.com/androidcerberus), in which they publish the new features included in the new versions and even joke with the best-known malware analysts in the community.

The increase in its popularity has led to the presence of Spanish and Latin American banking entities among the new samples detected at the beginning of September, for the first time. In past versions, French and Japanese entities had been discovered.

If you are interested you can download full report. Please, suscribe to our Labs blog.

 

 

cerberus-cover

New version of the Cerberus banking Trojan targets Spanish and Latin American entities

 

The samples arrived through our automatic malware analysis systems, and the propagation vectors used by the criminals could not be found in the study made.

Probably, as usual with this type of malware, the distribution of the malicious APK was effected through fraudulent web pages.

 

Topics: malware

 

 

Deep Learning for Online Fraud Prevention


recent posts

New version of the Cerberus banking Trojan targets Spanish and Latin American entities

read more

New Host Modifier type malware that affects banks in Latin America

read more