Cerberus Android Trojan

Cerberus is a modular Android trojan-as-a-service sold on a number of hacking forums.

As with most Android malware, Cerberus is delivered disguised as a legitimate application, via the Google Play application store or third-party sources. When downloaded, it will disable Google Play Protect security services before hiding itself on the device.

Once installed, Cerberus will attempt to extract user credentials and financial information from other applications on the device. It will also attempt to phish user information when a number of banking-related websites are visited. Certain variants of Cerberus are able to log keystrokes, and forward calls and messages.

Further details on this trojan can be found here.

Indicators of Compromise

Filenames


SHA256 File Hashes


Jason Davies

UK based technology professional, with an interest in computer security and telecoms.
