Threats Tagged 'cerberus'

Perseus is a new Android threat that builds upon earlier malware families like Cerberus and Phoenix. It enables real-time monitoring and interaction with infected devices through Accessibility-based remote sessions, allowing full Device Takeover. The malware focuses on extracting high-value personal information, including monitoring user notes. It employs strong anti-analysis measures to evade detection. Perseus is primarily distributed through IPTV applications, targeting users in Turkey and Italy. Its capabilities include overlay attacks, keylogging, and systematic exploration of note-taking apps. The malware performs extensive environment checks to detect analysis conditions and assess device risk. Perseus represents the ongoing evolution of mobile malware, adapting to remain effective in an increasingly secure mobile environment.

MediumMalwareTurkeyItaly#dto#anti-analysis#overlay attacks

The complete source code for ERMAC V3.0, an advanced banking trojan, was discovered and analyzed, providing rare insight into this active Malware-as-a-Service platform. ERMAC has evolved to target over 700 financial and cryptocurrency apps, employing sophisticated form injection techniques and encrypted communications. The analysis revealed critical vulnerabilities, including hardcoded credentials and default tokens, which could be exploited to disrupt operations. The malware's infrastructure consists of a Laravel-based C2 backend, React control panel, Golang exfiltration service, and an obfuscated Android backdoor. This comprehensive examination exposes the operational risks of the MaaS model and equips defenders with concrete methods to track, detect, and disrupt active ERMAC campaigns.

MediumMalwareGermanyUnited KingdomFrance+7#banking trojan#exfiltration server#c2 backend