The Cerberus Trojan, malware attached to a Spanish currency calculator, bypassed Google’s security barriers and infected users who downloaded the app from Google Play, a report said.
The Calculadora de Moneda app, or Spanish currency calculator, was approved for use by Google Play in March 2020 and was downloaded over 10,000 times by users of tablets, smartphones and mobile devices, according to a ZDNet.com report.
At first, the app appeared to be a useful tool for currency conversion. However, dormant code in the app activated the Cerberus banking Trojan, which created an overlay on financial and banking apps the user had previously downloaded.
Once a user entered a passcode for a banking app, the information was stolen and sent to a malware command-and-control server, which also forced a download of additional applications to the infected device, according to the report.
The Cerberus Trojan malware, which has been in circulation since June 2019, was able to circumvent security controls and read text messages that delivered one-time user passcodes, as well as grab two-factor authentication controls.
Avast security experts discovered the malware this week, but once it was identified, the command-and-control server disappeared, removing the malware from the app.
“Although this was just a short period, it’s a tactic fraudsters frequently use to hide from protection and detection, i.e. limiting the time window where the malicious activity can be discovered,” an Avast security researcher told ZDNet.