Malware with a mythical name always spells bad news, and the resurgence of the Cerberus banking Trojan is certainly that. Researchers have spotted a new version of the dangerous Android malware making the rounds, but this time, it’s even more difficult to detect.
Cerberus Has Left Hades and Is Coming For Your Smartphone
Researchers for Cyble Research and Intelligence Labs detected a new malware campaign using the Cerberus Android banking Trojan. The campaign, dubbed ErrorFather, has picked up pace throughout September and October 2024 and is increasing in scale, targeting users in numerous countries.
Like most malware campaigns, ErrorFather spreads through malicious apps on Android’s Play Store and the iOS App Store. Typically disguised as legitimate apps, these fake banking apps download a multi-stage banking Trojan designed to bypass security restrictions and steal banking information. The malware can perform a range of actions and includes options to trigger a VNC (virtual network connection) that could send a continuous screen view to a remote device.
Furthermore, the Cerberus variant uses an overlay attack. The malware scans the smartphone’s list of apps to find financial apps. Then, when the victim interacts with the app, the malware loads a fake phishing page over the real screen, stealing any information entered. It’s quite devious, and it’s easy to see how it goes undetected.
The ErrorFather campaign tries to hide using a Domain Generation Algorithm to generate new command and control addresses. Creating new addresses using an algorithm makes it difficult to locate a single central server to shut down the operation, enabling ErrorFather to keep up and running for longer.
How to Stay Safe From the ErrorFather Cerberus Malware
You’ll be pleased to know that keeping your devices safe from this malware is actually relatively simple. As is so often the case, the first tip is to only download apps from the official Play Store and App Store. Google and Apple both vet apps and check for security, reducing the chances of finding malware masquerading as a real banking or finance app, and it’s one of the best ways to be safe when downloading smartphone apps. That’s not to say malware doesn’t slip through. It does, but both tech giants do make an effort to make sure it doesn’t.
Second, you should never download an app randomly or follow a link to an app sent to you out of the blue. That goes for apps or app links found on forums, social media, Telegram, TikTok, or otherwise. These links are a primary method of sneaking malware onto someone’s device when they’re not expecting it and can be an easy way to find a new victim.
Finally, it’s always recommended that you have an updated antivirus app on your device. As this malware includes keyloggers and screen-sharing functions, it’s important not to let it onto your device to begin with!
