Submitted via IRC for SoyCow7671
New Cerberus Android Banker Uses Pedometer to Avoid Analysis
A new banking trojan for Android devices relies on the accelerometer sensor to delay its running on the system and thus evade analysis from security researchers.
Cerberus malware has recently stepped into the malware-as-a-service business, filling the void left by the demise of previous Android bankers.
The malware author(s) claim that it was used privately for the past two years and that they created Cerberus from scratch over several years.
Security researchers from Amsterdam-based cybersecurity company ThreatFabric analyzed a sample of the malware and found that it did not borrow from Anubis, an Android banker whose source code got leaked, sparking the creation of clones.
Payload and string obfuscation are normal techniques for making analysis and detection more difficult, but Cerberus also uses a mechanism that determines if the infected system is moving or not.
The trojan achieves this by reading data from the accelerometer sensor present on Android devices to measure the acceleration force on all three physical axes, X, Y, and Z, also considering the force of gravity.
By implementing a simple pedometer, Cerberus can track if the victim is moving [...]. A real person will move around, generating motion data and increasing the step counter.
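For analysts, the consequence of the mechanism described above is that an idle analysis device never increments such a counter. The following added example (not code from Cerberus, ThreatFabric or the quoted article) runs a simple threshold pedometer over two constructed accelerometer traces to check whether a sandbox's sensor feed would register steps; the thresholds, the trace shapes and the `min_steps` value are assumptions.

```python
import math

GRAVITY = 9.81  # m/s^2, what an accelerometer reports at rest


def count_steps(samples, threshold=1.5):
    """Count steps in (x, y, z) samples given in m/s^2.

    A step is one rise of the gravity-compensated magnitude above
    `threshold`; the counter re-arms once the signal falls below half
    of it (hysteresis), so one bounce is not counted twice.
    """
    steps, above = 0, False
    for x, y, z in samples:
        dynamic = math.sqrt(x * x + y * y + z * z) - GRAVITY
        if dynamic > threshold and not above:
            steps += 1
            above = True
        elif dynamic < threshold / 2:
            above = False
    return steps


def stationary_trace(n):
    """Constructed trace: device lying flat, as on a rack or in an emulator."""
    return [(0.0, 0.0, GRAVITY)] * n


def walking_trace(n_steps, rate_hz=50, step_hz=2.0, amp=3.0):
    """Constructed trace: sinusoidal vertical bounce at `step_hz` steps/second."""
    total = int(n_steps / step_hz * rate_hz)
    return [
        (0.0, 0.0, GRAVITY + amp * math.sin(2 * math.pi * step_hz * i / rate_hz))
        for i in range(total)
    ]


def feed_registers_motion(samples, min_steps):
    """True if this sensor feed would reach a step gate of `min_steps`.

    `min_steps` is a hypothetical value; the page does not state one.
    """
    return count_steps(samples) >= min_steps


if __name__ == "__main__":
    print("stationary:", count_steps(stationary_trace(500)))
    print("walking:   ", count_steps(walking_trace(10)))
```

A sandbox whose sensor feed looks like the stationary trace will only ever observe the dormant behaviour of a step-gated sample, so replaying recorded or synthesized motion data belongs in the analysis setup.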
(Score: 0) by Anonymous Coward on Thursday August 15 2019, @07:40PM
Not only does my phone idle around when charging and rarely notify me on time, but whenever I'm about to step in or out of the room, just as I stand from my chair or when twisting the doorknob, the display powers on and half-a-dozen notifications pop up seeking my immediate attention.
(Score: 1, Touché) by Anonymous Coward on Thursday August 15 2019, @11:05PM
being a fat bastard has its advantages