Cerberus Malware-as-a-Service

Cerberus, a banking Trojan, was recently found on multiple devices at a company... This kind of thing happens often, but this instance made the news because of the unique way it was loaded onto the smartphones.

The attackers targeted the company's MDM (mobile device management) server and used the tool to remotely install the malicious software. By the time the culprit was found, it had already penetrated 75% of the devices on the network.

This Mobile Remote Access Trojan (MRAT) can log keystrokes and capture Google Authenticator data and received SMS messages. The latter two give the attacker access to two-factor authentication codes. Using mobile remote desktop, the attacker can fully control the device.

Ionut Arghire of SecurityWeek writes:
The main module of the threat can steal Google authenticator credentials, Gmail passwords and phone unlocking patterns, sends out a list of files and installed applications, and can also upload files if requested. It can also prevent attempts to uninstall TeamViewer, which provides attackers with remote control capabilities.

