The dangerous Cerberus malware is being talked about again. Avast cybersecurity researchers spotted the virus on an app offered on the Play Store. The app in question was presented as a simple currency conversion app which at first sight was harmless. It was, for a time.
The researchers indeed indicated in their report that the Calculadora de Moneda application - currency calculator - worked perfectly and offered the service announced at the start. It showed no offensive behavior for several weeks which allowed it to go unnoticed and to deceive the vigilance of its users. Except that in reality, the authors of the application had hidden a back door which allowed them to communicate and interact remotely with the app. They were able to download a new APK, a file containing the actual Cerberus malware, on their victims' smartphones.
Smart, the virus was able to determine whether it was on a real smartphone or in a controlled environment simulated by cybersecurity researchers. If it was, it didn't show up. He was also able to read received and sent messages, which enabled him to intercept authentication codes, record audio, as well as trace the location of the phones he had infected.
10,000 people downloaded the infected app
The corrupted application was present on the Spanish version of the Play Store. It was downloaded more than 10,000 times, potentially claiming as many victims before Google, warned by the researchers, removed the app from the Play Store. If the virus mainly targeted Spanish users, the presence of it on an app available on the Play Store shows that its authors were able to defeat the security measures of the Google application store. So there are chances that it hides on other applications on the Play Store.
The malware had already resurfaced at the beginning of the year, in a new form which allowed it to recover the codes generated by Google Authentificator. He then masqueraded as an information app about the coronavirus.
This is why it is all the more advisable to pay attention to what you download from the Play Store. Despite the security measures put in place by Google, many malicious applications manage to slip through the cracks. Avoid downloading apps from unknown developers and read user comments under apps before downloading them.
High-Tech
Android smartphones lose up to 90% of their value in just 2 years
High-Tech
Cerberus: Even strong authentication codes are no longer immune to malware
- Personal data
- Smartphone
- Android
- Computer virus
- Cybersecurity
- Cyber attack
- Cybercriminality
- High-Tech