Developers Android Trojan Cerberus plan to sell its entire project as a whole. Bidding will take place in the form of an auction and the starting price is $50 thousand $100 thousand developers ready to part with their child, no haggling. For the money the buyer will receive the source code of the Trojan, APK, modules, administration panel, servers, lists existing and potential customers, installation manual and scripts required for the coordinated work of all components.
For at least one year, the developers of Cerberus was actively advertised their services and gave the Trojan to rent for $12 thousand a year. Clients were also available for rent for a shorter term ($4 million for the 3 months and $7 thousand for 6 months). According to the publication sellers on one of the Russian-speaking cybercrime forums, currently the business generates an income of $10 thousand per month. According to them, the team Cerberus collapsed, and the remaining developers do not have time for round-the-clock daily support of a Trojan.
It is worth noting that Cerberus is the first in the world of malware with the function of abduction one-time codes for two-factor authentication. The Trojan combines the functions as a banking Trojan and Trojan for remote access (RAT). The code is written from scratch and is not a “clone” of any Trojans, whose source code was leaked.
Cerberus is able to determine you are running on a real device or in the sandbox. The Trojan has great potential. For example, it could spoof notifications from running on the infected device banking services to force the victim to enter credentials, as well as to steal two-factor authentication codes.