Trojan

Cerberus

First seen: 2019-06 • Status: active

Currently Active Threat

Cerberus tricks Android users into entering their banking passwords into fake screens. It is widespread and very effective at stealing money from bank accounts.

Overview

Cerberus is an Android banking trojan that was sold as malware-as-a-service before its source code was leaked. It uses overlay attacks to steal banking credentials.

Also Known As

Cerberus Android, Cerberus Banker

How It Spreads

  • Fake apps
  • Malicious APKs
  • Phishing

What It Does

  • Overlay attacks on banking apps
  • Steals SMS 2FA codes
  • Records screen
  • Steals credentials

Target Platforms

Android

Detection Tips

  • Watch for apps requesting accessibility services
  • Monitor SMS access

MITRE ATT&CK Techniques

T1417, T1411, T1414

If You're Infected

  1. Remove suspicious apps immediately
  2. Contact your bank
  3. Factory reset if necessary

Related Malware

Spynote, Anubis, Teabot
