The threat group that had been operating the Cerberus Android banking trojan has begun auctioning its source code, administrative materials, and entire customer base, with a hefty starting bid of $50,000 USD or a flat price of $100,000 USD to bypass the auction. Cerberus is an Android malware family focused on banking credential theft. It also has some fairly unique features, such as using device movement to determine whether the app is running on a real phone or being tested in an automated sandbox.

The group had been renting access to the malware for $12,000 per year. According to the group selling the source code, the operation currently generates about $10,000 per month and has 24 active clients. If both of those claimed numbers are correct, some clients must have negotiated a discounted rate, since 24 clients paying the full $12,000 per year would bring in $24,000 per month. With a high price tag and all the data necessary to keep the operation running, it seems the group is hoping to attract sophisticated actors with the ability to continue the malware’s operation.