Cerberus Android Trojan

Cerberus is a modular Android trojan-as-a-service sold on a number of hacking forums.

As with most Android malware, Cerberus is delivered disguised as legitimate applications via the Google Play application store or third-party. When downloaded, it will disable Google Play Protect security services before hiding itself on the device.

Once installed, Cerberus will attempt to extract user credentials and financial information from other applications on the device. It will also attempt to phish user information when a number of banking-related websites are visited. Certain variants of Cerberus are able to log keystrokes, and forward calls and messages.

Further details on this trojan can be found here.

Indicators of Compromise


·         com.gzhlubw.pmevdiexmn

·         com.hvdnaiujzwo.fovzeukzywfr

·         com.mwmnfwt.arhkrgajn

·         com.ognbsfhszj.hqpquokjdp

·         com.uxlgtsvfdc.zipvwntdy

·         com.wogdjywtwq.oiofvpzpxyo

SHA256 File Hashes







Jason Davies

UK based technology professional, with an interest in computer security and telecoms.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: