According to ThreatFabric researchers, the creator of Cerberus shared the malware's source code in August after a failed attempt to sell it. Although Google's Play Protect detected all samples of Cerberus, Alien was not affected, since it is allegedly based on an older version of Cerberus. As a result, Alien is now taking the place of Cerberus. Alien is packed with malicious features and comes with a slew of capabilities. Here is what the malware offers as of now, according to the findings of ThreatFabric:
Alien Malware Features
Keylogging
Remote access
SMS harvesting: SMS listing, forwarding, sending
Device info collection
Contact list collection
Application listing
Location collection
Overlaying: dynamic (local injects obtained from C2); targets list update
Calls: USSD request making; call forwarding
Remote actions: app installing, starting, removal; showing arbitrary web pages; screen-locking
Notifications: push notifications
C2 resilience: auxiliary C2 list
Self-protection: hiding the app icon; preventing removal; emulation detection
Modular architecture
Alien is primarily active in countries such as Spain, Turkey, Germany, the United States of America, Italy, France, Poland, Australia, the United Kingdom, and India.

(Image: ThreatFabric)

The malware mainly targets banking apps. The researchers have found evidence that Alien targets over 226 apps, including Kotak – 811 & Mobile Banking, HDFC Bank MobileBanking, SBI Anywhere, and iMobile by ICICI Bank. You can take a look at all the affected apps in the company's blog post.

As always, the easiest way to stay safe from such malware is not to install apps from unknown sources. As an extra measure, it is recommended to keep the option to install apps from external sources disabled in your phone's settings.