Bitcoin Forum>Economy>Trading Discussion>Scam Accusations
Author

Topic: {Warning}: ERMAC - Cerberus 2.0 and more (Read 99 times)

zanezane
full member
Activity: 868
Merit: 150
★Bitvest.io★ Play Plinko or Invest!
{Warning}: ERMAC - Cerberus 2.0 and more
September 30, 2021, 05:39:21 AM
#8
Quote from: stompix on September 29, 2021, 09:04:46 AM
Quote from: zanezane on September 29, 2021, 05:51:01 AM
~

Fake apps in GS, apk downloaded from weird websites, that's the usual way to get it.
Don't download anything fishy, don't trust any website repository because even if they are legit they might be themselves hacked and are distributing malware, don't run any updated that pop in your browser, don't run any auto-downloaded stuff.
And of course, don't open random attachments from strangers.

Also, normally it would be better to not have the 2FA on the same smartphone you use for daily routine, or not install sensitive apps on it, carrying a wallet app with a few thousand around is dangerous even for real-life situations, not just malware attacks.
We need to paint ways to detect if we are downloading safely, especially on phone because that's how some people get hacked or scammed, through their phones which, unlike a computer that has some sort of guard with the help from antivirus.
stompix
legendary
Activity: 2828
Merit: 6108
Blackjack.fun
Re: {Warning}: ERMAC - Cerberus 2.0 and more
September 29, 2021, 09:04:46 AM
#7
Quote from: zanezane on September 29, 2021, 05:51:01 AM
This is a scary malware, how can we contract this malware though? Because it's not said or is vague, it's a big help if we know how our devices get infected by this malware, hopefully everyone will stay safe, this is a scary one as it can bypass 2FA.

Fake apps in GS, apk downloaded from weird websites, that's the usual way to get it.
Don't download anything fishy, don't trust any website repository because even if they are legit they might be themselves hacked and are distributing malware, don't run any updated that pop in your browser, don't run any auto-downloaded stuff.
And of course, don't open random attachments from strangers.

Also, normally it would be better to not have the 2FA on the same smartphone you use for daily routine, or not install sensitive apps on it, carrying a wallet app with a few thousand around is dangerous even for real-life situations, not just malware attacks.
zanezane
full member
Activity: 868
Merit: 150
★Bitvest.io★ Play Plinko or Invest!
Re: {Warning}: ERMAC - Cerberus 2.0 and more
September 29, 2021, 05:51:01 AM
#6
This is a scary malware, how can we contract this malware though? Because it's not said or is vague, it's a big help if we know how our devices get infected by this malware, hopefully everyone will stay safe, this is a scary one as it can bypass 2FA.
cryptomaniac_xxx
hero member
Activity: 1344
Merit: 540
Re: {Warning}: ERMAC - Cerberus 2.0 and more
September 29, 2021, 05:35:06 AM
#5
This is really very dangerous, Cerberus is already one of the biggest threat out there and now they have developed more sophisticated iteration of the said malware. And this is the another danger of one group working with another one.

There are a lot of crypto applications that majority of us have been using for years, so this is another reminder to be very careful on downloading crypto apps on our devices.
The Cryptovator
legendary
Activity: 2240
Merit: 2174
Need PR/CMC & CG? TG @The_Cryptovator
Re: {Warning}: ERMAC - Cerberus 2.0 and more
September 28, 2021, 02:11:46 PM
#4
Often I received spam mail about free Bitcoin or something like this free offer. It's required to click on the link and it's quite suspicious links. So I never bothered to click this kind of link because of malware fear. Usually, I don't install unnecessary apps on my device if I am not well familiar with that apps. Because most attackers use apps and spam mail to hack our devices. So we need to control our greed once find a greedy offer.

Thanks OP, for sharing it with the community. It's a lesson for us, not only for newbies.
bL4nkcode
copper member
Activity: 2142
Merit: 1305
Limited in number. Limitless in potential.
Re: {Warning}: ERMAC - Cerberus 2.0 and more
September 28, 2021, 01:17:00 PM
#3
Their target victims are new users/installations huh, a good practice to avoid this is to click the download button or redirect button from the official website of the app instead of using the search function of every app distribution platforms such appstore and playstore. But the website can be hacked too and the download links can be changed as well but that's a different case.
DdmrDdmr
legendary
Activity: 2310
Merit: 10758
There are lies, damned lies and statistics. MTwain
Re: {Warning}: ERMAC - Cerberus 2.0 and more
September 28, 2021, 10:11:12 AM
#2
I went through the crypto related targeted applications (at least the ones I made out), and it’s actually quite extensive:
Quote
bitbank - Bitcoin & Ripple Wallet
Edge - Bitcoin, Ethereum, Monero, Ripple Wallet
Bitcoin Wallet – Airbitz
Binance - Buy & Sell Bitcoin Securely
Bitfinex
Aplikacja Bitmarket
BitPay – Secure Bitcoin Wallet
Coinbase – Buy & Sell Bitcoin. Crypto Wallet
EO.Finance: Buy and Sell Bitcoin. Crypto Wallet
EXMO Official - Trading crypto on the exchange
Pro: Advanced Bitcoin & Crypto Trading (Kraken)
Mycelium Bitcoin Wallet
Paxful Bitcoin Wallet
Bitcoin Wallet - Buy BTC (Polehin)
CEX.IO Cryptocurrency Exchange
Bitcoin Wallet Coincheck
Besides there are tons of banking apps, and even some common elements such as Telegram and Outlook.

The article cites that it is guised in current distributions as antivirus, banking, media player, and chrome but those can and will change, as any pretext app may be devised for these matters.
Baofeng
legendary
Activity: 2576
Merit: 1655
Re: {Warning}: ERMAC - Cerberus 2.0 and more
September 28, 2021, 07:47:13 AM
#1
{Warning}: Cerberus Android Malware Can Bypass 2FA, Unlock Devices Remotely.

It looks like that the Cerberus Malware has evolved and been improved by another group of threat actors.

Quote
Compared to the original Cerberus, ERMAC uses different encryption scheme in communication with the C2: the data is encrypted with AES-128-CBC, and prepended with double word containing the length of the encoded data:

The commands ERMAC receives and processes, are almost identical to the latest Cerberus commands. A couple of commands are added that can clear the cache of the specified application and steal device accounts

Mode of infection:

Quote
We were able to identify several campaigns with ERMAC involved. The first major campaign started in late August where ERMAC was masquerading as Google Chrome. We have also seen ERMAC masquerading as antivirus, banking, and media player apps.

Targeted applications:






And there are a lot of applications, specially banking, and then those who have used like Amazon.

So stay away from the usual mode of attack/infection from this cyber actors. Check everything before you download any apps to your mobile phones.

https://www.threatfabric.com/blogs/ermac-another-cerberus-reborn.html
Bitcoin Forum>Economy>Trading Discussion>Scam Accusations
Jump to: