Cerberus Banking Trojan

What is Cerberus?

Cerberus is a banking Trojan designed specifically for Androids and sold on various hacker forums. Like any other banking Trojan, it is used to steal personal and financial information. The threat first appeared in 2019. It gives cyber crooks remote access to the device and allows them to perform different malign actions including sensitive data collection. This data is stolen for the purpose of earning revenue at the expense of the target device user. If you suspect that you have this infection on your device, you should terminate Cerberus banking Trojan immediately.

How did Cerberus infect my device?

Cerberus banking Trojan spreads online through bogus Flash Player installers and malign websites that claim to have information related to COVID-19 like coronavirus-informations[.]online, canada-alert-covid19[.]com, cdph-ca[.]us, and others. Malware often disguises itself as legitimate software or uses relevant topics to attract users and trick them into infecting their system unknowingly. It is also known to ask users to update their version of Adobe Flash Player, Google Chrome or a different familiar program, however, instead of an update, you download the threat. That is why it is important to stay away from suspicious domains when you browse the Web and only update or download programs from reliable sources.

How does Cerberus banking Trojan work?

Cerberus does not appear in the Apps folder as it is disguised as Flash Player. The threat attempts to trick users into enabling increased privileges via Accessibility Service and if these privileges are granted, the parasite connects to a botnet and starts receiving commands from a Command and Control server. This allows cyber criminals to remotely access the device and perform various actions including recording your keystrokes, viewing your contacts, launching apps, deleting items, sending messages, and more.

Moreover, the threat can use overlay attacks to scam users into sharing their personal and financial information including logins and passwords, credit card details, online banking details, and so on. The Trojan is known to have phishing overlays for US, French, and Japanese banking apps, as well as a number of other popular programs including Instagram, Gmail, Microsoft Outlook, Play Market, Snapchat, Twitter, Uber, Viber, WhatsApp, Yahoo Mail, and more. The infection can detect when users open one of these apps and insert a phishing overlay tricking them into sharing their details with the scammers. Needless to say, when hackers acquire this data they can hijack users’ accounts, steal their money or even their identity.

How to remove Cerberus banking Trojan?

Cerberus banking Trojan removal is absolutely necessary and the faster you do it, the better. Unfortunately, as it is a serious infection, manual Cerberus banking Trojan removal is not an easy task. You can try to open your applications and delete Cerberus banking Trojan manually, however, you have to know which app it is pretending to be. Our suggestion is that you use the Safe Mode in order to delete Cerberus banking Trojan as it is likely that you will not be able to do it in the regular mode:

• Press and hold the Power button until you see the Power off screen
• Tap Power off and hold it
• Once Safe Mode option appears, choose it to reboot your device in Safe Mode
• Now you can uninstall Cerberus banking Trojan from your device
• Open Settings and go to Apps
• Find the malign app and Force stop it and then Uninstall it
• Go to My files to remove leftover files of the Trojan
• Locate the virus files and delete them

In order to avoid similar issues in the future, it is best to have reputable anti-malware installed. Having reliable security tools on your smartphone is just as important as having them on a computer or any other electronic device.