Android Security

Cerberus malware is deployed and distributed after compromising a company’s MDM server

Cyber criminals have infected 75% of a multinational conglomerate's Android devices with the Cerberus banking Trojan by breaching the company's Mobile Device Manager (MDM) server.

MDM, otherwise known as an Enterprise Mobility Management solution, helps organizations manage remote and mobile devices, whether iOS, Android, macOS, or Windows. Such a solution usually comes with a server, like any other product, which is used to enroll corporate devices and to manage and secure them, allowing technicians to deploy applications, profiles, secure email, conditional Exchange access, content management and more.

What is Cerberus?

Cerberus is a banking Trojan that was discovered in June 2019. It is offered as Malware-as-a-Service (MaaS): clients purchase it and use it to drop payloads and to take over and manipulate devices. If Cerberus is successfully deployed on a device, it can steal a wide range of business-sensitive information such as SMS messages, call logs, device credentials, two-factor authentication codes and device lock patterns, fetch information about installed apps, and log keystrokes.

As soon as the attackers had breached the company's MDM server, they deployed Cerberus to a substantial number of Android devices, according to a report by Check Point security researchers. Furthermore, the attackers installed two suspicious apps on a number of devices using the MDM server, and after identifying the presence of the malicious application, the company decided to factory reset all the Android devices that had been enrolled with the compromised MDM server.

After successfully establishing itself on the device, the malware requests access to the Android accessibility service and asks the user to activate it. Once approved, the malware is like Thanos with all the Infinity Stones: it can navigate menus, make clicks, and entirely bypass the need for user interaction.

Cerberus’s overwhelming control over the devices

Cerberus is capable of Remote Access Trojan behavior, allowing cyber criminals to remotely control the infected device, and is also capable of overlays, allowing it to capture passwords, patterns, PINs, and even the two-factor authentication security. Furthermore, this malware can make calls on behalf of the user, send SMS and USSD requests, install or uninstall applications and more.

Cerberus will continue to block the user's ability to uninstall TeamViewer while also gaining administrative privileges. Additionally, it prevents its installation procedures by not displaying the app details page. Cerberus ensures its deployment is safe by using Google Play Protect and sustaining its presence on the device. With Cerberus deployed, technicians are no longer able to perform mobile device management operations on their managed devices. If you're interested in understanding the malware further by studying the Android apps' package names, please see Check Point's report.
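A defender can check enrolled devices for the privilege combination described above, an enabled accessibility service together with device administrator rights, held by a package the organization did not approve. The following is an added example, not code from the article or from Check Point; it parses the colon-separated value of the `enabled_accessibility_services` secure setting, and the package names, admin component list and allowlist are constructed, hypothetical inputs.

```python
# Added example (not from the article). Package names below are hypothetical
# and the input strings are constructed samples.

def packages(components):
    """Reduce 'package/class' component names to a set of package names."""
    return {c.strip().split("/", 1)[0] for c in components if c.strip()}

def parse_a11y_setting(value):
    """Parse the colon-separated value printed by
    `adb shell settings get secure enabled_accessibility_services`.
    An unset value is printed as the literal string 'null'."""
    value = (value or "").strip()
    if value in ("", "null"):
        return set()
    return packages(value.split(":"))

def triage(a11y_value, admin_components, allowlist):
    """Return sorted (package, severity) pairs for packages outside the allowlist.
    'high'   = accessibility service AND device admin (the combination the
               article describes Cerberus obtaining)
    'review' = only one of the two."""
    a11y = parse_a11y_setting(a11y_value)
    admins = packages(admin_components)
    findings = []
    for pkg in sorted((a11y | admins) - set(allowlist)):
        severity = "high" if pkg in a11y and pkg in admins else "review"
        findings.append((pkg, severity))
    return findings

# Constructed sample data for one device.
SAMPLE_A11Y = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.flashupdate/com.example.flashupdate.CoreService:"
    "com.example.keyboardplus/.InputHelper"
)
SAMPLE_ADMINS = [
    "com.example.mdmagent/.AdminReceiver",
    "com.example.flashupdate/.AdminReceiver",
]
ALLOWLIST = {"com.google.android.marvin.talkback", "com.example.mdmagent"}

if __name__ == "__main__":
    for pkg, severity in triage(SAMPLE_A11Y, SAMPLE_ADMINS, ALLOWLIST):
        print(f"{severity:6} {pkg}")
```
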

William Marshal

William has been one of the key contributors to 'The Cybersecurity Times', with 9.5 years of experience in cybersecurity journalism. Apart from writing, he also likes hiking, skating and coding.
