Android users warned after Cerberus leaks to the dark web


The source code for the banking malware Cerberus is now available for free on underground forums.

The full source code for the Cerberus banking malware has been released online, according to cybersecurity company Kaspersky.

Cerberus, a type of Trojan, was first tracked in the summer of 2019. Kaspersky experts have been monitoring Cerberus since July 2020.

ThreatFabric discovered the malware in early 2020. At the time, Cerberus was still in its test phase. ThreatFabric warned users, however, that the malware could be released “soon”. Indeed, the Cerberus source code went up for auction in July, following the breakup of its development team.

A rogue developer decided to publish the source code

One of the authors decided to publish the Cerberus source code on a popular Russian-speaking underground forum, where Kaspersky found it. This means that cybercriminals are able to acquire Cerberus for free. This availability has led to a rapid increase in cyber attacks on mobile banking in Russia as well as other European countries.

Kaspersky security researcher Dmitry Galov said that the “findings regarding Cerberus v2 are a warning to everyone implicated by Android security and Android banking security in particular”. 

“We’re already seeing an increase in attacks on users since the source code was published. It’s not the first time we’ve seen something like this happen, but this boom of activity since the developers abandoned the project is the biggest developing story we’ve tracked for a while,” he added.

“We continue to investigate all found artefacts associated with the code, and will track related activity. But, in the meantime, the best form of defence that users can adopt involves aspects of security hygiene that they should be practicing already across their mobile devices and banking security.”

A warning to Android users

Android users should only download and install applications from the Google Play store, Kaspersky has warned. They should also deactivate the function in smartphone settings for installing programmes from unknown sources.

Back in February, ThreatFabric reported that Cerberus was able to target communication applications such as Gmail, Outlook, and Telegram, as well as numerous banking applications. The targeted banks included Lloyds Bank Mobile Banking, Wells Fargo Mobile, and Santander.

Users of these applications and services should be especially on guard.
