The Android banking trojan that entered the realm of cyber threats is now back stronger than ever. Researchers have revealed that the Cerberus malware has been improved to steal Google Authenticator 2FA codes.
Cerberus Malware Overview
In 2019, researchers from ThreatFabric uncovered a banking Trojan targeting Android devices. The malware named ‘Cerberus’ bragged an entirely new code. Yet it possessed similar functionalities as that of any other banking trojan. However, it was also capable of ditching security checks that made it desirable for attacks.
Upon reaching the target device, it gained elevated privileges by exploiting accessibility service to access other features. Moreover, it also disabled Google Play Protect to escape detection. Plus, its robust and active social media presence also made it distinct from typical malware.
Cerberus Improved To Pilfer Google Authenticator Codes
Despite being unique, Cerberus lacked the precision to compete with Anubis malware. However, ThreatFabric researchers have now revealed changes in Cerberus malware. According to their recent report, the new Cerberus malware variant now comes with enhanced and improved RAT capability. This functionality empowers it to steal 2FA codes too. As stated,
This new Cerberus variant has undergone refactoring of the code base and updates of the C2 communication protocol, but most notably it got enhanced with the RAT capability, possibility to steal device screen-lock credentials (PIN code or swipe pattern) and 2FA tokens from the Google Authenticator application.
Using the same capability, the malware can also launch TeamViewer on the target device to gain remote access.
The researchers believe that the new strain might still be in the testing phase considering the absence of any formal announcement about the improvisation.
Let us know your thoughts in the comments.