Data Security

Source code of Cerberus banking trojan released online for free

The source code leak came after the failed auction attempt from the developer of Cerberus banking trojan 

Exit strategies are not only a thing in a legitimate business. Turns out, cybercriminals also want in on the action after developing a successful malicious system.

Such was the case recently where it has been discovered that the Cerberus banking trojan – active since July 2019 – was being auctioned by one of its developers starting from $50,000 in a bid to pass on the malware to someone else since the current team was being split.

The components included within it were the source code, servers, administration panel code, and a list of clients along with their contact information.

Source: Hudson Rock – a snapshot of the auction post.

The functionality of the malware includes the ability to intercept communications such as reading messages, engage in surveillance, and stealing financial information related to banking data.



In fact, this was the very same malware that we covered in July 2020 which was found “stealing user’s banking credentials via a Spanish currency converter app” on Google Play Store.

All of these activities allegedly brought in a profit of $10,000 per month for the attackers.

However, despite this, soon afterward, no one really seemed to be interested in that price and the auction failed. According to Kaspersky cybersecurity researcher Dmitry Galov, this led the developer to ultimately release the source code for free on a Russian based underground forum for certain premium users under the name of “Cerberus v2.”

ESET’s Lukas Stefanko tweeted about the source code leak in August.

What has followed is a rise in the number of smartphone-based cyber-attacks in both Europe and Russia. Furthermore, now, we may also see a rise in ripped-off variants of Cerberus creating a nightmare for cyber-defenders.

To conclude, this is not the first time though it was being offered for sale. Previously, although not in the form of an auction, the attackers positioned it in the form of a Malware as a Service (Maas) with multiple subscription options – a monthly plan for $4000 and a yearly one for $12,000.

For the time being, users – particularly Android ones – are advised to follow basic security practices like refraining from downloading lesser-known apps and keeping a reliable antivirus software running alongside.

To Top

Pin It on Pinterest

Share This