Malicious Software Cerberus | 20 May 2020

Why in News

Recently, the Central Bureau of Investigation (CBI) has sent alerts to all the States, Union Territories and the central agencies on a malicious software (cerberus) threat that is taking advantage of the Covid-19 pandemic.

  • The cyber alert related to Cerberus has been sent on the basis of inputs received from the Interpol.

Key Points

  • Cerberus: It is a Banking Trojan. It is primarily used to steal financial data, such as credit card numbers.
  • Trojan:
    • Trojan is a type of malicious code or software to damage, disrupt, steal, or inflict harmful action on data or network.
    • The Trojan can also use overlay attacks to trick victims into providing personal information and can capture two-factor authentication details.
      • Overlay attacks: An overlay attack happens when an attacker places a window over a legitimate application on the device. When the target application is running, the overlay opens messages or data input forms identical to the real ones. Victims enter information (E.g. login credentials or bank card numbers), believing that they are dealing with the original program.
      • Two-factor authentication: It is a two step verification security process in which users go through two authentication processes to verify themselves.
    • Banking Trojan is a malicious program used in an attempt to obtain confidential information about customers and clients using online banking and payment systems.
  • Working of Cerberus
    • It takes advantage of the Covid-19 pandemic and sends SMS to lure a user to download the link containing the malicious software.
    • It deploys its malicious application usually spread via phishing campaigns to trick users into installing it on their smartphones.
    • Phishing: The email or text message carrying a link appears to come from a trusted source like a bank.
      • The link takes to a fake website and once details like login name and passwords are entered, the login credentials reach the hacker.