Title: {Warning}: ERMAC - Cerberus 2.0 and more
Post by: Baofeng on September 28, 2021, 11:47:13 AM

{Warning}: Cerberus Android Malware Can Bypass 2FA, Unlock Devices Remotely (https://bitcointalk.org/index.php?topic=5229475.0).

It looks like the Cerberus malware has evolved and been improved by another group of threat actors.

Quote
Compared to the original Cerberus, ERMAC uses a different encryption scheme in communication with the C2: the data is encrypted with AES-128-CBC, and prepended with a double word containing the length of the encoded data.

The commands ERMAC receives and processes are almost identical to the latest Cerberus commands. A couple of commands are added that can clear the cache of the specified application and steal device accounts.

Mode of infection:

Quote
We were able to identify several campaigns with ERMAC involved. The first major campaign started in late August where ERMAC was masquerading as Google Chrome. We have also seen ERMAC masquerading as antivirus, banking, and media player apps.

Targeted applications:
https://i.imgur.com/PDPLN18.png
https://i.imgur.com/UTGrONk.png
https://i.imgur.com/1fdT8YL.png
https://i.imgur.com/VhOffAh.png

And there are a lot of applications, especially banking, and then those who have used ones like Amazon. So stay away from the usual mode of attack/infection from these cyber actors. Check everything before you download any apps to your mobile phones.

https://www.threatfabric.com/blogs/ermac-another-cerberus-reborn.html

Title: Re: {Warning}: ERMAC - Cerberus 2.0 and more
Post by: DdmrDdmr on September 28, 2021, 02:11:12 PM

I went through the crypto related targeted applications (at least the ones I made out), and it's actually quite extensive:

Quote
bitbank - Bitcoin & Ripple Wallet
Edge - Bitcoin, Ethereum, Monero, Ripple Wallet
Bitcoin Wallet Airbitz
Binance - Buy & Sell Bitcoin Securely
Bitfinex
Aplikacja Bitmarket
BitPay Secure Bitcoin Wallet
Coinbase Buy & Sell Bitcoin. Crypto Wallet
EO.Finance: Buy and Sell Bitcoin. Crypto Wallet
EXMO Official - Trading crypto on the exchange
Pro: Advanced Bitcoin & Crypto Trading (Kraken)
Mycelium Bitcoin Wallet
Paxful Bitcoin Wallet
Bitcoin Wallet - Buy BTC (Polehin)
CEX.IO Cryptocurrency Exchange Bitcoin Wallet
Coincheck

Besides, there are tons of banking apps, and even some common elements such as Telegram and Outlook.

The article cites that it is disguised in current distributions as antivirus, banking, media player, and Chrome apps, but those can and will change, as any pretext app may be devised for these matters.

Title: Re: {Warning}: ERMAC - Cerberus 2.0 and more
Post by: bL4nkcode on September 28, 2021, 05:17:00 PM

Their target victims are new users/installations, huh. A good practice to avoid this is to click the download button or redirect button from the official website of the app instead of using the search function of app distribution platforms such as the App Store and Play Store. But the website can be hacked too and the download links can be changed as well, but that's a different case.

Title: Re: {Warning}: ERMAC - Cerberus 2.0 and more
Post by: The Cryptovator on September 28, 2021, 06:11:46 PM

Often I receive spam mail about free Bitcoin or something like this free offer. It requires clicking on a link, and they are quite suspicious links. So I never bother to click this kind of link because of malware fear. Usually, I don't install unnecessary apps on my device if I am not well familiar with those apps, because most attackers use apps and spam mail to hack our devices. So we need to control our greed once we find a greedy offer.

Thanks OP, for sharing it with the community. It's a lesson for us, not only for newbies.

Title: Re: {Warning}: ERMAC - Cerberus 2.0 and more
Post by: cryptomaniac_xxx on September 29, 2021, 09:35:06 AM

This is really very dangerous. Cerberus is already one of the biggest threats out there, and now they have developed a more sophisticated iteration of the said malware. And this is another danger of one group working with another one.

There are a lot of crypto applications that the majority of us have been using for years, so this is another reminder to be very careful when downloading crypto apps on our devices.

Title: Re: {Warning}: ERMAC - Cerberus 2.0 and more
Post by: zanezane on September 29, 2021, 09:51:01 AM

This is a scary malware. How can we contract this malware, though? Because it's not said, or it's vague. It would be a big help if we knew how our devices get infected by this malware. Hopefully everyone will stay safe; this is a scary one as it can bypass 2FA.

Title: Re: {Warning}: ERMAC - Cerberus 2.0 and more
Post by: stompix on September 29, 2021, 01:04:46 PM

Quote
This is a scary malware. How can we contract this malware, though? Because it's not said, or it's vague. It would be a big help if we knew how our devices get infected by this malware. Hopefully everyone will stay safe; this is a scary one as it can bypass 2FA.

Fake apps in GS, APKs downloaded from weird websites, that's the usual way to get it. Don't download anything fishy, don't trust any website repository because even if they are legit they might themselves be hacked and be distributing malware, don't run any updates that pop up in your browser, don't run any auto-downloaded stuff. And of course, don't open random attachments from strangers.

Also, normally it would be better not to have the 2FA on the same smartphone you use for your daily routine, or not to install sensitive apps on it. Carrying a wallet app with a few thousand around is dangerous even for real-life situations, not just malware attacks.

Title: Re: {Warning}: ERMAC - Cerberus 2.0 and more
Post by: zanezane on September 30, 2021, 09:39:21 AM

Quote
~ Fake apps in GS, APKs downloaded from weird websites, that's the usual way to get it. Don't download anything fishy, don't trust any website repository because even if they are legit they might themselves be hacked and be distributing malware, don't run any updates that pop up in your browser, don't run any auto-downloaded stuff. And of course, don't open random attachments from strangers.

Also, normally it would be better not to have the 2FA on the same smartphone you use for your daily routine, or not to install sensitive apps on it. Carrying a wallet app with a few thousand around is dangerous even for real-life situations, not just malware attacks.