Cerberus Malware Emerged On Play Store Impersonating Cryptocurrency Converter App


Once again, Cerberus malware has emerged as a threat to users after appearing on the Google Play Store. The malware posed as a cryptocurrency converter app to trick users, thus reaching thousands of downloads.

Cerberus Posing As Cryptocurrency App

Researchers from Avast found Cerberus malware on the Google Play Store, hidden inside a cryptocurrency converter app.

As explained in their post, the app seemingly targets Spanish users. It bears the name “Calculadora de Moneda”, which translates to “Currency Calculator” in English.

Considering the niche chosen, it seems that the malware attempted to steal users’ banking data, which the users would need to enter while converting their cryptocurrency to fiat money.

Briefly, the researchers observed that the app remained harmless for a few initial weeks, seemingly to gather users (or victims). This also allowed the app to escape the security checks of Google Play Protect.

However, the app did carry malware dropper code, which remained inactive initially but later became active. The researchers could observe the app communicating with the C&C server to download an additional malicious APK – the banker.

Regarding how it would work, the researchers stated,

In this final stage, the banker app can sit over an existing banking app and wait for the user to log into their bank account. At which point the malicious Trojan activates, creating a layover over your login screen, and steals all your access data.

Moreover, the malware would also read messages, seemingly to access two-factor authentication details. Hence, the malware could easily evade all security procedures.
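The stages described above (a dropper that fetches a second APK, then a banker that overlays login screens and reads SMS) each depend on capabilities an Android app has to declare in its manifest, so they are visible to static review even while the code is dormant. The following is an added example, not code from Avast or from the app: a small triage of a decoded AndroidManifest.xml. The permission-to-behaviour mapping, the labels and both sample manifests are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed mapping from the behaviours in the article to Android permissions;
# the article does not list what the app actually declared.
CAPABILITIES = {
    "install_downloaded_apk": {P + "REQUEST_INSTALL_PACKAGES"},
    "read_sms": {P + "READ_SMS", P + "RECEIVE_SMS"},
    "draw_over_other_apps": {P + "SYSTEM_ALERT_WINDOW", P + "BIND_ACCESSIBILITY_SERVICE"},
}

def declared_permissions(manifest_xml):
    """Return <uses-permission> names plus permissions that guard <service> entries."""
    perms = set()
    for el in ET.fromstring(manifest_xml).iter():
        if el.tag in ("uses-permission", "uses-permission-sdk-23"):
            perms.add(el.get(NS + "name"))
        elif el.tag == "service":
            perms.add(el.get(NS + "permission"))
    perms.discard(None)  # elements that lacked the attribute
    return perms

def triage(manifest_xml):
    """Map declared permissions to capabilities and label the manifest for review."""
    perms = declared_permissions(manifest_xml)
    caps = sorted(c for c, wanted in CAPABILITIES.items() if perms & wanted)
    labels = []
    if "install_downloaded_apk" in caps:
        labels.append("dropper-like")
    if "read_sms" in caps and "draw_over_other_apps" in caps:
        labels.append("banker-like")
    return {"capabilities": caps, "labels": labels}

# Constructed sample manifests (not taken from the real app).
_HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.{}">'
CONVERTER = _HEAD.format("converter") + """
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
</manifest>"""
SECOND_STAGE = _HEAD.format("stage2") + """
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application><service android:name=".Svc"
      android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/></application>
</manifest>"""

if __name__ == "__main__":
    for name, doc in (("converter", CONVERTER), ("second stage", SECOND_STAGE)):
        print(name, triage(doc))
```

Each of these permissions also appears in legitimate apps, so a label here marks a manifest for manual review against what the app claims to do, not a verdict.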

Malware Disappeared. But Threat Persists…

However, the active Cerberus malware functionality was present for only a very short time. Soon after its discovery, the malicious C&C disappeared and the app became harmless once again.

Nonetheless, the researchers have explained that threat actors may use such sneaky tactics to stay under the radar for a while.

Although this was just a short period, it’s a tactic fraudsters frequently use to hide from protection and detection i.e. limiting the time window where the malicious activity can be discovered.

Therefore, users must remain very careful when downloading any app, especially ones that deal with sensitive information such as bank details.

As for this app, it is wise to stop using it right away. Nobody knows when the perpetrators might trigger another active phase of the banking Trojan.


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
