SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    New Cerberus Android Banker Uses Pedometer to Avoid Analysis [Repost]
Date    Thursday August 15 2019, @06:52PM
Author    janrinok
Topic   
from the stepping-up-their-game dept.
https://soylentnews.org/article.pl?sid=19/08/15/1450203

upstart writes:

Submitted via IRC for SoyCow7671

New Cerberus Android Banker Uses Pedometer to Avoid Analysis

A new banking trojan for Android devices relies on the accelerometer sensor to delay its running on the system and thus evade analysis from security researchers.

Cerberus malware has recently stepped into the malware-as-a-service business, filling the void left by the demise of previous Android bankers.

The malware author(s) claim that it was used privately for the past two years and that they created Cerberus from scratch over several years.

Security researchers from Amsterdam-based cybersecurity company ThreatFabric analyzed a sample of the malware and found that it did not borrow from Anubis, an Android banker whose source code got leaked, sparking the creation of clones.

Payload and string obfuscation are normal techniques for making analysis and detection more difficult, but Cerberus also uses a mechanism that determines if the infected system is moving or not.

The trojan achieves this by reading data from the accelerometer sensor present on Android devices to measure the acceleration force on all three physical axes, X, Y, and Z, also considering the force of gravity.

By implementing a simple pedometer, Cerberus can track if the victim is moving [...]. A real person will move around, generating motion data and increasing the step counter.


Original Submission
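
For analysts who want to check whether a sandbox's sensor feed would look motionless to a step-counting check like the one described above, here is an added example (not from the article or from ThreatFabric's analysis): a simple threshold-crossing step counter run over two constructed accelerometer traces. The sampling rate, thresholds, trace shapes and function names are assumptions made for illustration.

```python
import math

GRAVITY = 9.81        # m/s^2
SAMPLE_HZ = 50        # assumed sampling rate
STEP_THRESHOLD = 1.5  # assumed: deviation from gravity (m/s^2) that counts as a step
MIN_STEP_GAP = 0.25   # assumed: minimum seconds between two steps

def count_steps(samples, hz=SAMPLE_HZ):
    """Count debounced upward crossings of |a| - g over STEP_THRESHOLD."""
    steps, above, last = 0, False, None
    min_gap = int(MIN_STEP_GAP * hz)
    for i, (x, y, z) in enumerate(samples):
        dev = math.sqrt(x * x + y * y + z * z) - GRAVITY
        if not above and dev > STEP_THRESHOLD:
            if last is None or i - last >= min_gap:
                steps, last = steps + 1, i
            above = True
        elif above and dev < STEP_THRESHOLD / 2:  # hysteresis before re-arming
            above = False
    return steps

def stationary_trace(seconds, hz=SAMPLE_HZ):
    """Constructed sample: a device at rest, constant gravity vector."""
    return [(0.0, 0.0, GRAVITY)] * (seconds * hz)

def walking_trace(seconds, steps_per_sec=2.0, amplitude=3.0, hz=SAMPLE_HZ):
    """Constructed sample: vertical bounce as a sine wave on top of gravity."""
    return [(0.0, 0.0, GRAVITY + amplitude * math.sin(2 * math.pi * steps_per_sec * i / hz))
            for i in range(seconds * hz)]

def feed_looks_stationary(samples):
    """True when the trace would never increase a step counter."""
    return count_steps(samples) == 0

def emulator_commands(samples):
    """Format samples as Android emulator console 'sensor set acceleration' lines."""
    return [f"sensor set acceleration {x:.3f}:{y:.3f}:{z:.3f}" for x, y, z in samples]

if __name__ == "__main__":
    for name, trace in (("stationary", stationary_trace(10)), ("walking", walking_trace(10))):
        print(name, count_steps(trace), feed_looks_stationary(trace))
```

A feed that never leaves the resting gravity vector yields zero steps, which is the signal that separates an idle analysis environment from a carried phone.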

Links

  1. "upstart" - https://soylentnews.org/~upstart/
  2. "New Cerberus Android Banker Uses Pedometer to Avoid Analysis" - https://www.bleepingcomputer.com/news/security/new-cerberus-android-banker-uses-pedometer-to-avoid-analysis/
  3. "Original Submission" - https://soylentnews.org/submit.pl?op=viewsub&subid=35640


printed from SoylentNews, New Cerberus Android Banker Uses Pedometer to Avoid Analysis [Repost] on 2023-07-20 00:03:52