Cerberus Stalkerware Exploits Google Play for Remote Control of Victims' Devices
Severity: High (Score: 66.0)
Sources: Gbhackers, Cybersecuritynews
Summary
Cerberus Anti-theft, a stalkerware application, has been available on Google Play since October 4, 2023, masquerading as a legitimate anti-theft tool. The app utilizes accessibility services and Google Firebase to enable abusers to gain extensive remote control over victims' Android devices. Once installed, it can silently capture photos, track locations, record audio, and even wipe devices without the victims' consent. Victims are primarily Android users who unknowingly install the app, believing it to be a security tool. The app's presence on Google Play raises significant concerns about the platform's security vetting processes. As of now, the app remains available, posing a continuous threat to users. The situation highlights the need for improved scrutiny of apps that request extensive permissions. Users are advised to be cautious of apps that require accessibility services for non-essential functions.
Key Points:
- Cerberus Anti-theft is disguised as a legitimate app but functions as stalkerware.
- The app exploits accessibility services and Firebase for extensive remote control capabilities.
- Victims can unknowingly have their devices compromised, leading to severe privacy violations.
Key Entities
- Malware (attack_type)
- cerberusapp.com (domain)
- Cerberus (malware)
- T1071 - Application Layer Protocol (mitre_attack)
- Android (platform)
- Firebase (platform)
- Google Play (platform)