Failed Auction Pushed Actors to Release Their Banking Trojan For Free

What happened?

• The source code was put for auction (in a failed attempt) and later the code was released for free due to the breakup of the malware development team.
• In July, the Cerberus banking trojan’s source code was offered for sale at a price tag of $50,000. The offer included everything from an installation guide to the customer list and more.

Modus operandi

• The banking trojan can be often seen disguised as a genuine app to access the banking details of unsuspecting users.
• For a few weeks, the app works as it claims, but soon after it begins its malicious activities on users’ devices.
• In one case, it was distributed to the employees of a company, via the company’s MDM server.

Previous attacks

• In early-July, the banking trojan posed as a Spanish currency converter application on Google Play Store and hid its malicious intentions for a few weeks. The app gained the trust of customers to steal banking data.
• In April, a new variant of this banking trojan targeted a multinational conglomerate and was spread by exploiting their Mobile Device Manager (MDM) server.
• In late-March, cybercriminals crafted a coronavirus-themed scam and laced a mobile application with Cerberus banking trojan to target Spanish users.

Conclusion