Topic: {Warning}: Cerberus Android Malware Can Bypass 2FA, Unlock Devices Remotely

legendary
Activity: 2604
Merit: 2353
How do you consider 2FA authentication an option to protect your account while you are downloading the app in an unprotected program?!

I don’t know how easy it is for a hacker to obtain data, but even if it is not protected, your use of a device connected to the Internet poses risks.
Yes, I agree, so a good way to avoid that is to disconnect from the internet...
The malware doesn't seem to be able to steal the seeds; it only captures the OTP codes displayed by the app on the screen.
So a good way to neutralize this malware is to put your smartphone into airplane mode when you're using the app, and to leave it in this mode for 2 or 3 minutes, until the OTP codes become obsolete and unusable.
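The point above, that a captured OTP is only useful for a short time, is exactly what a server's TOTP check enforces. As an added example (not code from this thread or from any app mentioned in it), here is an RFC 6238 TOTP implementation with a verifier that accepts a code only within one 30-second step of clock skew and only once; it assumes Google Authenticator defaults (HMAC-SHA1, 6 digits, 30 s step) and uses the RFC's published test secret as a constructed demo key.

```python
import hmac
import hashlib
import struct

STEP = 30  # RFC 6238 time step in seconds (Google Authenticator default)

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HMAC-based one-time password (HMAC-SHA1, dynamic truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

def totp(secret: bytes, at: int, step: int = STEP) -> str:
    """RFC 6238 TOTP: the code an authenticator app shows at Unix time `at`."""
    return hotp(secret, at // step)

class TotpVerifier:
    """Server-side check: accept a code only inside a small clock-skew window
    and only once, so a code captured from the screen cannot be replayed."""

    def __init__(self, secret: bytes, window: int = 1, step: int = STEP):
        self.secret = secret
        self.window = window  # number of steps of skew tolerated either side
        self.step = step
        self.used = set()     # counters already consumed (replay protection)

    def verify(self, code: str, now: int) -> bool:
        current = now // self.step
        for counter in range(current - self.window, current + self.window + 1):
            if counter in self.used:
                continue
            if hmac.compare_digest(hotp(self.secret, counter), code):
                self.used.add(counter)
                return True
        return False

def demo():
    """Constructed scenario: a code read off the screen at t0 is tried again later."""
    secret = b"12345678901234567890"  # RFC 6238 Appendix B test secret (demo key only)
    t0 = 59                           # RFC vector: the 6-digit code here is "287082"
    code = totp(secret, t0)
    verifier = TotpVerifier(secret)
    first = verifier.verify(code, t0)          # legitimate login: accepted
    replay = verifier.verify(code, t0 + 5)     # same code again: rejected, already consumed
    late = TotpVerifier(secret).verify(code, t0 + 180)  # 3 min later, fresh verifier: outside window
    return first, replay, late
```

In production `now` is `int(time.time())` on the server, and the `used` set must be persisted per account so the single-use rule survives restarts and multiple backends.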
legendary
Activity: 2506
Merit: 3645
How do you consider 2FA authentication an option to protect your account while you are downloading the app in an unprotected program?!

I don’t know how easy it is for a hacker to obtain data, but even if it is not protected, your use of a device connected to the Internet poses risks.
legendary
Activity: 2576
Merit: 1655
It seems I have not been following this android malware stuff for a while. I wanted to know: is there any information about the apps that could be infected or associated with the said malware?

It wasn't on the crypto radar because the first release of the trojan targeted banking applications. But it was soon discovered that some bad actors had created a new strain/variant that evolved beyond stealing banking information and now has the capability to attack crypto accounts as well, especially since we use 2FA to protect our exchange accounts. Maybe we can see more investigations coming in the next month or so, when cyber investigators have the blueprint on how this evolving trojan works on crypto-related stuff.
legendary
Activity: 2366
Merit: 2054
For people who like to trade on exchanges and have an account with lots of crypto in it, it is necessary to have a special offline mobile 2FA.

Look in a chest of drawers; when you find a dormant cellphone, it's better to use it for 2FA only. The first thing to do is reset it to factory settings and download a 2FA authenticator.

Don't put it online again; keep it offline forever to avoid malware being injected.
legendary
Activity: 2100
Merit: 1208
Heisenberg
It seems I have not been following this android malware stuff for a while. I wanted to know: is there any information about the apps that could be infected or associated with the said malware?

To some extent I think it's safe for users to go for unpopular operating systems for security purposes, since they have a low user base so hackers have less interest in creating malware for them.

This is why Linux is less threatened compared to Windows, and iOS compared to Android.
legendary
Activity: 2576
Merit: 1655
The trojan has been upgraded with a new functionality to bypass 2FA now.

Quote
The Cerberus banking Trojan that appeared on the threat landscape at the end of June 2019 has taken over from the infamous Anubis Trojan as the major rented banking malware. While offering a feature-set that enables successful exfiltration of personally identifiable information (PII) from infected devices, Cerberus was still lacking features that could help lower the detection barrier during the abuse of stolen information and fraud. Mid-January 2020, after new-year celebrations, Cerberus authors came back with a new variant that aimed to resolve that problem: a RAT feature to perform fraud from the infected device.

This new Cerberus variant has undergone refactoring of the code base and updates of the C2 communication protocol, but most notably it got enhanced with the RAT capability, the possibility to steal device screen-lock credentials (PIN code or swipe pattern) and 2FA tokens from the Google Authenticator application.

https://www.threatfabric.com/blogs/2020_year_of_the_rat.html

We all know that we use 2FA more frequently now, especially in securing our exchange accounts. But it seems there could be a trojan on the horizon that can bypass it.

Although the research says it is not yet advertised on darkweb forums, it could be released soon. We should be very, very careful now and use every safe practice in the book.

https://twitter.com/ThreatFabric/status/1230537382090293248/photo/1