| Domain | ID | Name | Use |
|---|---|---|---|
| Mobile | T1432 | Access Contact List | |
| Mobile | T1418 | Application Discovery | |
| Mobile | T1412 | Capture SMS Messages | |
| Mobile | T1476 | Deliver Malicious App via Other Means | Cerberus has been delivered to the device via websites that prompt the user to "[…] install Adobe Flash Player" and then download the malicious APK to the device.[2] |
| Mobile | T1407 | Download New Code at Runtime | Cerberus can update the malicious payload module on command.[1] |
| Mobile | T1523 | Evade Analysis Environment | Cerberus avoids being analyzed by only activating the malware after recording a certain number of steps from the accelerometer.[1] |
| Mobile | T1417 | Input Capture | |
| Mobile | T1516 | Input Injection | Cerberus can inject input to grant itself additional permissions without user interaction and to prevent application removal.[1][3] |
| Mobile | T1411 | Input Prompt | Cerberus can generate fake notifications and launch overlay attacks against attacker-specified applications.[1] |
| Mobile | T1478 | Install Insecure or Malicious Configuration | Cerberus disables Google Play Protect to prevent its discovery and deletion in the future.[1] |
| Mobile | T1430 | Location Tracking | |
| Mobile | T1444 | Masquerade as Legitimate Application | Cerberus has pretended to be an Adobe Flash Player installer.[2] |
| Mobile | T1406 | Obfuscated Files or Information | Cerberus uses standard payload and string obfuscation techniques.[1] |
| Mobile | T1582 | SMS Control | |
| Mobile | T1437 | Standard Application Layer Protocol | |
| Mobile | T1508 | Suppress Application Icon | Cerberus hides its icon from the application drawer after being launched for the first time.[1] |
| Mobile | T1426 | System Information Discovery | Cerberus can collect device information, such as the default SMS app and device locale.[1][3] |
| Mobile | T1509 | Uncommonly Used Port | |
| Mobile | T1576 | Uninstall Malicious Application | |