Alien RAT with 2FA-Stealing Technique
A new variant of the Cerberus malware, which has been available for rent on underground forums since January, has been found infecting Android devices and targeting more than 200 applications.
The newly identified banking trojan called Alien shares several common capabilities with the Cerberus banking malware.
Researchers reported the Alien RAT targeting a list of at least 226 mobile applications, including banking apps such as BBVA Spain, Bank of America Mobile Banking, as well as a slew of collaboration and social networking apps such as Twitter, Snapchat, and Instagram.
It comes equipped with an advanced ability to bypass two-factor authentication (2FA) security measures to steal the victim’s credentials. The malware also abuses the TeamViewer application to gain full remote control over the victim’s devices.
Researchers speculate that Alien RAT is a fork of the Cerberus malware, which has seen a steady decline in use over the past year and was put up for sale in August. Beyond their shared capabilities, there are a few notable differences.
Alien's remote-access (RAT) functionality is implemented separately from the main command handler and uses different command-and-control (C2) endpoints.
Moreover, Alien's 2FA-stealing technique is an additional feature that goes beyond Cerberus's capabilities.
More malware adding 2FA-bypass techniques
Several attackers and malware operators have upgraded their malware and attack vectors with 2FA-bypass techniques to carry out more successful attacks.
Banking trojans have recently been evolving with new and improved features to increase the success rate of fraud. Financial institutions are advised to assess their current and future threat exposure and to implement relevant detection and control mechanisms as early as possible.