#APK CERBERUS PRO DOWNLOAD#
Never download and install applications from outside the official Google Play market That new app/news site/dashboard might be different than you thought. Here are 4 easy steps for greater online security:
In conclusion, the desire for timely information is a proven effective hook for cybercriminals and phishing schemes. Living safe in a time of pandemic malware
If the user tries to uninstall it directly, the uninstall prompt will flash for a second and then disappear, not giving the user enough time to interact with the prompt.
#APK CERBERUS PRO FULL#
Once the permissions are received, the app will start communicating with its Command & Control center, signaling that a new device is part of the botnet, sending data about the device, and downloading the payload file called RRoj.json.Īfter some time, the real goal of the trojan is uncovered when a SQLite database file called Web Data is placed on the device for holding and exfiltrating detailed credit card data held on the device:įigure 4: The DB file used to store the credentials and the content of the “credit_cards” table Uninstalling Corona-Apps.apkĪfter the app has been given full control of the device, the only way to remove it is to force stop the app and then subsequently uninstall it. On top of that, it will ask for permission to access photos and media on the device, manage phone calls and sms messages, and have access to contacts. Notification requests will only stop only after the user uninstalls it or gives it accessibility service privilege. It does, however, bombard the user with a notification every 10 seconds:įigure 3: Notification asking for accessibility service privilege and the prompt Unlike the older version of Cerberus, this one doesn’t hide its icon from the screen. When the user continues in the installation process, they will be prompted with the following screen:įigure 2: The install prompt of the “Corona-Apps.apk” Because there is no interface, this URL is most likely used on other platforms and phishing attempts as a hyperlink.įigure 1: The empty website, with the warning from the browserĪfter the first warning, the user is prompted with a second one from the operating system, regarding the danger of installing applications from unknown sources. The infection saga begins when a device user downloads the app from the URL “hxxp://corona-appscom/Corona-Apps.apk”. This is not an isolated, individual case as similar infection vectors have been seen in the wild. In addition, it can use overlay attacks to trick victims into providing personal information and can capture two-factor authentication details. This trojan primarily focuses on stealing financial data such as credit card numbers. Usually spread via phishing campaigns, Corona-Apps.apk uses its connection with the actual virus name to trick users into installing it on their smartphones. Such is the case of “Corona-Apps.apk” variant of the Cerberus banking trojan. Since the beginning of the COVID-19 pandemic, cyber criminals and malware actors have taken advantage of the general panic, fear and thirst for information to come up with different tactics to distribute malware and infect the user’s devices.
0 kommentar(er)
