New version of Cerberus targets Spanish and Latin American entities

At the beginning of September there were new samples of the Android 'Cerberus' banking Trojan detected. This banking malware has been gaining popularity little by little since its launch in June 2019.

Its developers do not distribute the samples directly to infect victims. Rather, they sell the Trojan in an 'underground' forum and it is their customers who, through an automated tool, build the malicious APK that they will distribute to their victims. This is why not all samples affect the same entities, as it depends on each buyer’s objective.

Trojan developers have even created a Twitter account (, in which they publish the new features included in the new versions and even joke with the best-known malware analysts in the community.

The increase in its popularity has led to the presence of Spanish and Latin American banking entities among the new samples detected at the beginning of September, for the first time. In past versions, French and Japanese entities had been discovered.

If you are interested you can download full report. Please, suscribe to our Labs blog.




New version of the Cerberus banking Trojan targets Spanish and Latin American entities


The samples arrived through our automatic malware analysis systems, and the propagation vectors used by the criminals could not be found in the study made.

Probably, as usual with this type of malware, the distribution of the malicious APK was effected through fraudulent web pages.


Did you like it? Share in your social communities.


What did you think about this topic?

Leave your comments


Need to reduce fraud in your online banking?

Discover our holistic vision applied to online detection

Request demo