
Topic: {Warning}: ERMAC - Cerberus 2.0 and more (Read 119 times)

full member
Activity: 868
Merit: 150
★Bitvest.io★ Play Plinko or Invest!
September 30, 2021, 04:39:21 AM
#8
~

Fake apps in GS, apk downloaded from weird websites, that's the usual way to get it.
Don't download anything fishy, don't trust any website repository because even if they are legit they might themselves be hacked and distributing malware, don't run any updates that pop up in your browser, don't run any auto-downloaded stuff.
And of course, don't open random attachments from strangers.

Also, normally it would be better to not have the 2FA on the same smartphone you use for daily routine, or not install sensitive apps on it, carrying a wallet app with a few thousand around is dangerous even for real-life situations, not just malware attacks.
We need to paint ways to detect if we are downloading safely, especially on phone because that's how some people get hacked or scammed, through their phones which, unlike a computer that has some sort of guard with the help from antivirus.
legendary
Activity: 2912
Merit: 6403
Blackjack.fun
September 29, 2021, 08:04:46 AM
#7
This is a scary malware, how can we contract this malware though? Because it's not said or is vague, it's a big help if we know how our devices get infected by this malware, hopefully everyone will stay safe, this is a scary one as it can bypass 2FA.

Fake apps in GS, apk downloaded from weird websites, that's the usual way to get it.
Don't download anything fishy, don't trust any website repository because even if they are legit they might themselves be hacked and distributing malware, don't run any updates that pop up in your browser, don't run any auto-downloaded stuff.
And of course, don't open random attachments from strangers.

Also, normally it would be better to not have the 2FA on the same smartphone you use for daily routine, or not install sensitive apps on it, carrying a wallet app with a few thousand around is dangerous even for real-life situations, not just malware attacks.
full member
Activity: 868
Merit: 150
★Bitvest.io★ Play Plinko or Invest!
September 29, 2021, 04:51:01 AM
#6
This is a scary malware, how can we contract this malware though? Because it's not said or is vague, it's a big help if we know how our devices get infected by this malware, hopefully everyone will stay safe, this is a scary one as it can bypass 2FA.
hero member
Activity: 1344
Merit: 540
September 29, 2021, 04:35:06 AM
#5
This is really very dangerous, Cerberus is already one of the biggest threats out there and now they have developed a more sophisticated iteration of the said malware. And this is another danger of one group working with another one.

There are a lot of crypto applications that the majority of us have been using for years, so this is another reminder to be very careful about downloading crypto apps on our devices.
legendary
Activity: 2394
Merit: 2223
Signature space for rent
September 28, 2021, 01:11:46 PM
#4
I often receive spam mail about free Bitcoin or some free offer like this. It requires clicking on a link, and the links are quite suspicious. So I never bothered to click this kind of link because of malware fear. Usually, I don't install unnecessary apps on my device if I am not well familiar with those apps. Because most attackers use apps and spam mail to hack our devices. So we need to control our greed once we find a greedy offer.

Thanks OP, for sharing it with the community. It's a lesson for us, not only for newbies.
copper member
Activity: 2142
Merit: 1305
Limited in number. Limitless in potential.
September 28, 2021, 12:17:00 PM
#3
Their target victims are new users/installations huh, a good practice to avoid this is to click the download button or redirect button from the official website of the app instead of using the search function of app distribution platforms such as the App Store and Play Store. But the website can be hacked too and the download links can be changed as well, but that's a different case.
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
September 28, 2021, 09:11:12 AM
#2
I went through the crypto related targeted applications (at least the ones I made out), and it’s actually quite extensive:
Quote
bitbank - Bitcoin & Ripple Wallet
Edge - Bitcoin, Ethereum, Monero, Ripple Wallet
Bitcoin Wallet – Airbitz
Binance - Buy & Sell Bitcoin Securely
Bitfinex
Aplikacja Bitmarket
BitPay – Secure Bitcoin Wallet
Coinbase – Buy & Sell Bitcoin. Crypto Wallet
EO.Finance: Buy and Sell Bitcoin. Crypto Wallet
EXMO Official - Trading crypto on the exchange
Pro: Advanced Bitcoin & Crypto Trading (Kraken)
Mycelium Bitcoin Wallet
Paxful Bitcoin Wallet
Bitcoin Wallet - Buy BTC (Polehin)
CEX.IO Cryptocurrency Exchange
Bitcoin Wallet Coincheck
Besides there are tons of banking apps, and even some common elements such as Telegram and Outlook.

The article cites that it is guised in current distributions as antivirus, banking, media player, and chrome but those can and will change, as any pretext app may be devised for these matters.
legendary
Activity: 2576
Merit: 1655
September 28, 2021, 06:47:13 AM
#1
{Warning}: Cerberus Android Malware Can Bypass 2FA, Unlock Devices Remotely.

It looks like the Cerberus malware has evolved and been improved by another group of threat actors.

Quote
Compared to the original Cerberus, ERMAC uses different encryption scheme in communication with the C2: the data is encrypted with AES-128-CBC, and prepended with double word containing the length of the encoded data:

The commands ERMAC receives and processes, are almost identical to the latest Cerberus commands. A couple of commands are added that can clear the cache of the specified application and steal device accounts

Mode of infection:

Quote
We were able to identify several campaigns with ERMAC involved. The first major campaign started in late August where ERMAC was masquerading as Google Chrome. We have also seen ERMAC masquerading as antivirus, banking, and media player apps.

Targeted applications:

And there are a lot of applications, especially banking, and then those who have used like Amazon.

So stay away from the usual mode of attack/infection from these cyber actors. Check everything before you download any apps to your mobile phones.

https://www.threatfabric.com/blogs/ermac-another-cerberus-reborn.html
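
The framing quoted above from the ThreatFabric write-up (a double-word length followed by AES-128-CBC data) can be turned into a triage check for captured payloads. This is an added example, not code from the post or from ThreatFabric. The page does not say which byte order the length field uses or whether the body is raw or base64, so the hypothetical `match_frame` tries both; all sample bytes are constructed.

```python
import base64
import binascii
import struct

AES_BLOCK = 16  # AES block size in bytes; CBC output is a whole number of blocks


def cbc_shape(body: bytes):
    """Return (encoding, blocks) if body could be AES-CBC ciphertext, else None."""
    try:  # assumption: "encoded" may mean base64 text, so try that first
        decoded = base64.b64decode(body, validate=True)
        if decoded and len(decoded) % AES_BLOCK == 0:
            return "base64", len(decoded) // AES_BLOCK
    except (binascii.Error, ValueError):
        pass
    if body and len(body) % AES_BLOCK == 0:
        return "raw", len(body) // AES_BLOCK
    return None


def match_frame(payload: bytes):
    """Check for <4-byte length><body> where the length equals len(body)."""
    if len(payload) <= 4:
        return None
    body = payload[4:]
    # Byte order is not given on the page, so both are tried (assumption).
    for order, fmt in (("big", ">I"), ("little", "<I")):
        (declared,) = struct.unpack(fmt, payload[:4])
        if declared == len(body):
            shape = cbc_shape(body)
            if shape:
                return {"byte_order": order, "encoding": shape[0], "blocks": shape[1]}
    return None


# Constructed sample data: 32 placeholder bytes stand in for two cipher blocks.
FAKE_CT = bytes(range(32))
SAMPLES = {
    "raw_le": struct.pack("<I", 32) + FAKE_CT,
    "b64_be": struct.pack(">I", 44) + base64.b64encode(FAKE_CT),
    "truncated": struct.pack("<I", 32) + FAKE_CT[:20],
    "bad_block": struct.pack("<I", 20) + FAKE_CT[:20],
    "http": b"POST /index HTTP/1.1\r\n\r\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:10} -> {match_frame(data)}")
```

A match only says the payload has this shape; any length-prefixed block cipher traffic will look the same, so treat it as a lead for further inspection rather than an identification.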