The Play Store, Google’s digital store pre-installed on many Android devices, is chock full of apps. Not all of them, however, have “good intentions”. In fact, security researchers sometimes discover malicious apps that are best avoided. This time we look at Cerberus, a banking trojan.
Press release: Rome, 13 July 2020 – Researchers from the Mobile Threat Labs team at Avast, the world leader in cybersecurity, have discovered the Cerberus banking trojan on Google Play, disguised within the legitimate application “Calculadora de Moneda”, downloaded over 10,000 times by Android users in Spain.
According to Avast researchers, the application hid its malicious intentions for the first few weeks it was available on the store, probably to acquire users and gain their trust, before starting any malicious activity that could have attracted the attention of security researchers or the Google Play Protect team.
Later, the app – through commands given by a command and control (C&C) server – activated the Cerberus banking trojan, which overlays the legitimate home banking app already present on the user’s device.
At this final stage, Cerberus is able to steal all access data to the current account and read text messages and two-factor authentication details, which means it is able to bypass all security measures.
In the case of “Calculadora de Moneda,” the C&C server in question and its payload were active until a few days ago and then stopped sending the malicious code. It is a tactic that scammers often use to hide from detection, limiting the time window in which it is possible to discover the harmful activity.
All the results of this research have been reported to Google.
What aroused particular interest in this campaign was the way in which the banking trojan managed to sneak into the Google Play Store.
How to protect yourself from mobile banking Trojans
Avast experts recommend that users take the following measures to protect themselves from these types of threats:
- Verify that your banking app is certified. If the interface seems unfamiliar or strange, check back with the bank’s customer service team.
- Use two-factor authentication if the bank offers it as an option.
- Rely only on reliable app stores, such as Google Play or Apple’s App Store. Even though the malware in question was on Google Play, its payload was downloaded from an external source. By disabling the option to download apps from other sources, this type of banking Trojan can be avoided.
- Before downloading a new app, check user ratings. If there are many negative reviews, it is probably an app not to be used.
- Pay attention to the permissions required by an app. Excessive requests should be treated as an alarm bell.
- Malware will often ask to become a device administrator to gain control of the device. Never grant this permission unless you deem it really necessary.
- Use a security app that also detects and protects against threats of this type.
End of the press release: For more information, see the Future Security Time (Avast) blog.