The Cerberus V2 malware is a sophisticated Android banking Trojan designed to steal sensitive financial information and credentials and bypass multi-factor authentication (MFA). Initially emerging as a successor to the original Cerberus malware, this threat has evolved into a modular, subscription-based malware-as-a-service (MaaS) available on underground forums.
Download Server 1 Download Server 2 Download Server 3
1. What is Cerberus V2?
Cerberus is a remote access Trojan (RAT) and banking malware targeting Android devices. It was first discovered in 2019 as an evolution of the original Cerberus malware, which was shut down after its author was arrested.
2. Key Features & Capabilities
A. Overlay Attacks (Fake Login Screens)
- Displays fake banking app interfaces when the victim opens a legitimate app.
- Captures usernames, passwords, and credit card details.
B. SMS Interception (2FA Bypass)
- Reads incoming SMS messages (including OTPs for banking transactions).
- Can delete messages to hide malicious activity.
C. Remote Access & Control
- Allows attackers to control the infected device remotely.
- Can lock the device (ransomware-like behavior).
D. Stealth & Evasion Techniques
- Hides its icon from the app drawer.
- Uses dynamic code loading to evade detection.
- Can disable Google Play Protect.
E. Modular Architecture
- Attackers can add/remove features as needed.
- Modules include:
- Banking theft
- Ransomware lockers
- Cryptocurrency theft
