Page 32 - Banking Finance November 2020
credible app or software that users can download and install. Once in the system, it positions itself to access your banking details by disguising itself as an app that requires permission to be used.

It is a type of malicious code or software that looks genuine but has the capability of taking control of one's computer. A Trojan is designed to damage, disrupt, steal, or inflict harmful action on data or a network.

How it affects our phone and steals financial data?

The Trojan virus contacts smartphone users via text messages and asks them to click on a link, saying it will provide COVID-19 updates. Once clicked, the link installs a malicious application on their phones.

Upon reaching the target device, the malware hides and asks the user for an accessibility service privilege. Once granted, the malware then automatically gains access to other features without user interaction. It then disables Google's Play Protect to avoid detection in the future and registers the victim device.

Once the device becomes infected with the Cerberus Trojan, the malware is embedded in the applications without showing the icon. It often takes the form of commonly used applications that we need to switch on often, like the Flash Player Service, to gain accessibility permission. After permission is granted, it will allow the hacker to gain control over the device remotely.

To steal users' credit card numbers, banking credentials and passwords for online accounts, Cerberus launches 'screen overlay attacks.' This means that the hacker will be able to capture the data the user enters into an app by casting a transparent overlay. For example, Cerberus can display an overlay on top of an actual mobile banking app and trick users into entering their banking credentials into the fake login screen.

Specific feature of the Cerberus Trojan which makes it more dangerous than other Banking Trojan Malware

Although there are no new features in the theft of banking credentials, what has been introduced in Cerberus is a specific injection to steal the device unlock pattern configured by the device user.

The Cerberus malware was discovered last year in June 2019 as an Android banking Trojan. However, its features were recently upgraded with RAT (Remote Access Trojan) abilities, which increase its threat level significantly.

It has been restructured and enhanced with the ability to steal multi-factor authentication (2FA) tokens from the Google Authenticator application. To do this, it simply makes use of the accessibility service, and through it reads the contents of the interface and sends the codes to the control server. The Google Authenticator app was launched in 2010 as the more secure alternative to SMS authentication codes. The app works by providing unique six- to eight-digit codes that the user must enter in login pages to access accounts.

Apart from being able to tamper with the authenticator application, Cerberus can also steal device screen-lock credentials, PIN codes and swipe patterns alike, allowing the hackers to unlock the device remotely to perform fraud when the victim is not using the device.

What makes Cerberus a specifically dangerous Trojan is that it has specified attacks for 30 unique targets and banking apps, and it can keep making unique targets for its attacks. The list includes 15 banking apps (7 French, 1 Japanese, and 7 US apps) and 15 non-banking apps including Gmail, Twitter, Snapchat, WhatsApp, Telegram, Instagram, Viber, Yahoo Mail, Microsoft Outlook, and Uber.