Cyber criminals have infected 75% of a multinational conglomerate's Android devices with the Cerberus banking Trojan by breaching the company's Mobile Device Manager (MDM) server.
MDM, otherwise known as an Enterprise Mobility Management solution, helps organizations manage remote and mobile devices, whether iOS, Android, macOS, or Windows. The solution usually comes with a server, like any other product, which is used to enroll corporate devices and to manage and secure them, allowing technicians to deploy applications, profiles, secure email, conditional Exchange access, content management and more.
Cerberus is a banking Trojan that was discovered in June 2019. It is sold as malware-as-a-service (MaaS): clients purchase it and use it to drop payloads, take over and manipulate devices. If Cerberus is successfully deployed on a device, it can steal a wide range of business-sensitive information such as SMS messages, call logs, device credentials, two-factor authentication codes and device lock patterns, fetch information about installed apps, and log keystrokes.
As soon as the hackers had breached the company's MDM server, they deployed Cerberus to a substantial number of Android devices, according to a report by Check Point Security researchers. Furthermore, the attackers had installed two suspicious apps on a number of devices using the MDM server. After identifying the presence of these malicious applications, the company decided to factory reset all the Android devices that had been enrolled with the compromised MDM server.
After successfully establishing itself on the device, the malware requests access to the Android accessibility service, asking the user to activate it. Once approved, the malware is more like a Thanos with all the infinity stones: it can navigate menus, make clicks, and act without depending on the user at all.
Cerberus is capable of Remote Access Trojan behavior, allowing cyber criminals to remotely control the infected device, and is also capable of overlay, allowing it to capture passwords, patterns, PINs, and even two-factor authentication codes. Furthermore, this malware can make calls on behalf of the user, send SMS and USSD requests, install and uninstall applications, and more.
Cerberus will continue to block the user's privilege to uninstall TeamViewer and meanwhile gains administrative privileges as well. Additionally, it also prevents its installation procedures by not displaying the app details page. Cerberus ensures its deployment is safe by using Google Play Protect and sustaining its presence on the device. With Cerberus deployed, technicians will no longer be able to perform mobile device management operations on their managed devices. If you're interested in understanding the malware further by studying the Android apps' package names, please check Check Point's report on the same.
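The following is an added example, not code from this article or from Check Point's report: a fleet triage that flags unapproved packages holding the privileges described above (an enabled accessibility service, device admin rights) and notes whether the MDM server pushed them. It assumes a hypothetical inventory export; the field names, the allow-list and every package name in the sample data are constructed.

```python
from collections import defaultdict
# Assumption: packages the organization approved for these privileges (constructed).
APPROVED = {"com.google.android.marvin.talkback", "com.example.corp.mdmagent"}

def accessibility_packages(raw):
    """Packages in Android's colon-separated 'package/service' setting value."""
    if not raw or raw == "null":  # "null" is what an unset setting reads as
        return set()
    return {comp.split("/", 1)[0] for comp in raw.split(":") if comp}

def triage(devices, approved=APPROVED):
    """Rank unapproved packages by privileges held and share of fleet affected."""
    hits = defaultdict(lambda: {"devices": set(), "signals": set()})
    for dev in devices:
        held = {
            "accessibility": accessibility_packages(dev.get("accessibility")),
            "device_admin": set(dev.get("device_admins", [])),
        }
        pushed = set(dev.get("mdm_pushed", []))
        for signal, pkgs in held.items():
            for pkg in pkgs - approved:
                hits[pkg]["devices"].add(dev["id"])
                hits[pkg]["signals"].add(signal)
                if pkg in pushed:
                    hits[pkg]["signals"].add("mdm_pushed")
    findings = [{
        "package": pkg,
        "signals": sorted(h["signals"]),
        "share": len(h["devices"]) / len(devices),
        # Accessibility plus device admin is the combination the article describes.
        "severity": "high" if {"accessibility", "device_admin"} <= h["signals"] else "review",
    } for pkg, h in hits.items()]
    return sorted(findings, key=lambda f: (f["severity"] != "high", -f["share"]))

# Constructed sample inventory; every package name here is hypothetical.
BAD = "com.example.updater"
FLEET = [
    {"id": "d1", "accessibility": f"com.google.android.marvin.talkback/.TalkBackService:{BAD}/.Svc",
     "device_admins": ["com.example.corp.mdmagent", BAD], "mdm_pushed": [BAD]},
    {"id": "d2", "accessibility": f"{BAD}/.Svc", "device_admins": [BAD], "mdm_pushed": [BAD]},
    {"id": "d3", "accessibility": f"{BAD}/.Svc:com.example.flashlight/.A11y",
     "device_admins": [BAD], "mdm_pushed": [BAD]},
    {"id": "d4", "accessibility": "null", "device_admins": ["com.example.corp.mdmagent"], "mdm_pushed": []},
]
if __name__ == "__main__":
    for finding in triage(FLEET):
        print(finding)
```

A package that appears on a large share of devices with the `mdm_pushed` signal points at the MDM server itself, which is where the investigation should start.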