ThreatFabric specialists have recorded a modification of the Cerberus Trojan that intercepts one-time passwords from the Google Authenticator app.
According to the experts, the trojan, known since the summer of 2019, underwent a code base refactoring that gave it the ability to abuse Accessibility rights in Android. It can intercept the device's screen lock credentials and the contents of the application interface, sending them to the attacker's server.
«The RAT service can browse the device's file system and download its contents. It is also capable of launching the TeamViewer program and setting up connections to it», the report says.
This way hackers get unlimited access to the victim's device: they can change its settings, install or remove applications and, above all, use any software on the device, including banking applications, instant messengers and social networks, even when two-factor authentication via Google Authenticator is in use.
The new modification of the malware has not yet been widely advertised on hacker forums and is most likely still at the testing stage, but it may be released in the near future.
«An exhaustive list of Cerberus's targets combined with the new RAT capability poses critical risks for financial applications offering online banking services. At the same time, the list of target applications can be expanded, including cryptocurrency wallets», the experts noted.
Cybersecurity specialists from Kaspersky Lab confirmed in a comment to ForkLog that hackers can easily increase the Trojan's sphere of influence.
«In general, it is not difficult for attackers to reconfigure this malware to steal credentials from cryptocurrency wallets. To ensure security, holders of crypto wallets should use specialized security software for Android on their gadgets», said Kaspersky Lab antivirus expert Victor Chebyshev.
In October 2019, the Geost banking virus was discovered, which infected more than 800 thousand Android devices of Russian users. According to preliminary data, attackers could control millions of rubles in the bank accounts of Russians.