At the beginning of September there were new samples of the Android 'Cerberus' banking Trojan detected. This banking malware has been gaining popularity little by little since its launch in June 2019.
Its developers do not distribute the samples directly to infect victims. Rather, they sell the Trojan in an 'underground' forum and it is their customers who, through an automated tool, build the malicious APK that they will distribute to their victims. This is why not all samples affect the same entities, as it depends on each buyer’s objective.
Trojan developers have even created a Twitter account (https://twitter.com/androidcerberus), in which they publish the new features included in the new versions and even joke with the best-known malware analysts in the community.
The increase in its popularity has led to the presence of Spanish and Latin American banking entities among the new samples detected at the beginning of September, for the first time. In past versions, French and Japanese entities had been discovered.
If you are interested you can download full report. Please, suscribe to our Labs blog.