The authors of the notorious Cerberus Android banking trojan are auctioning their project for a price starting at $50,000, but buyers could close the deal for $100,000.
The overall project includes the source code of the components (the malicious APK, the admin panel, and C2 code), the installation guide, a collection of setup scripts, and a list of customers with an active license, along with contacts for customers and potential buyers.
The malware-as-a-service Cerberus emerged in the threat landscape in August 2019; it is an Android RAT developed from scratch that doesn't borrow code from other malware.
According to researchers at Threat Fabric, who first analyzed the malicious code, Cerberus implements features similar to those of other Android RATs and gives operators full control over infected devices.
The malware implements banking Trojan capabilities such as the use of overlay attacks, the ability to intercept SMS messages and access to the contact list.
The author of this malware is very active on Twitter and mocks security firms, claiming to have avoided detection for at least two years.
In February, the authors implemented the ability to steal 2FA codes from the Google Authenticator app by abusing Accessibility privileges.
In recent months, the maintainers of the Cerberus Trojan were offering their bot for rent for up to $12,000 per year, while they also offered a license for $4,000/3 months and $7,000/6 months.
“The maintainer of Cerberus banking trojan for Android is auctioning the entire project for a price starting at $50,000 or close the deal for double the money.” reported BleepingComputer.
“According to a post from the seller on a Russian-speaking underground forum, the business is currently generating $10,000 every month.”
The maintainers of the Cerberus Android Trojan decided to sell the source code because the group split up and they have no time to provide 24/7 support.
(SecurityAffairs – hacking, Cerberus)