Category | Details |
---|---|
Threat Actors | Cerberus (also known as ErrorFather) |
Campaign Overview | Cerberus reemerges as a multi-stage banking trojan targeting Android devices, stealing banking credentials, SMS data, and contact lists. |
Target Regions (Or Victims) | Global, primarily targeting Android users |
Methodology | Uses overlay attacks, keylogging, and dynamic C2 communication via Domain Generation Algorithms (DGAs). |
Product Targeted | Android devices, specifically banking apps, SMS, and contacts. |
Malware Reference | Cerberus (Android banking trojan) |
Tools Used | Keylogging, Remote Access, Domain Generation Algorithms (DGAs), encrypted payloads, droppers, native libraries. |
Vulnerabilities Exploited | Android security vulnerabilities, primarily through overlay attacks, keylogging, and app masquerading. |
TTPs | Masquerading as trusted apps, keylogging, phishing, C2 encryption, Dynamic Resolution (DGA), encrypted communications. |
Attribution | Unknown, likely criminal groups focused on financial theft and espionage. |
Recommendations | App verification, endpoint security, user training, multi-layered defense, anti-keylogging measures, and network monitoring. |
Source | SOCRadar |
Read full article: https://socradar.io/cerberus-multi-stage-trojan-banking-campaign/
The above summary has been generated by an AI language model