| Category | Details |
|---|---|
| Threat Actors | Cerberus (also known as ErrorFather) |
| Campaign Overview | Cerberus reemerges as a multi-stage banking trojan targeting Android devices, stealing banking credentials, SMS data, and contact lists. |
| Target Regions (or Victims) | Global, primarily targeting Android users |
| Methodology | Uses overlay attacks, keylogging, and dynamic C2 communication via Domain Generation Algorithms (DGAs). |
| Product Targeted | Android devices, specifically banking apps, SMS, and contacts. |
| Malware Reference | Cerberus (Android banking trojan) |
| Tools Used | Keylogging, Remote Access, Domain Generation Algorithms (DGAs), encrypted payloads, droppers, native libraries. |
| Vulnerabilities Exploited | Android security vulnerabilities, primarily through overlay attacks, keylogging, and app masquerading. |
| TTPs | Masquerading as trusted apps, keylogging, phishing, C2 encryption, Dynamic Resolution (DGA), encrypted communications. |
| Attribution | Unknown, likely criminal groups focused on financial theft and espionage. |
| Recommendations | App verification, endpoint security, user training, multi-layered defense, anti-keylogging measures, and network monitoring. |
| Source | SOCRadar |

Read full article: https://socradar.io/cerberus-multi-stage-trojan-banking-campaign/

The above summary has been generated by an AI language model.