{ "id": "69c85570-5dfb-4e06-8d34-6d16e070c364", "created_at": "2026-04-06T00:16:44.996257Z", "updated_at": "2026-04-10T03:21:27.365755Z", "deleted_at": null, "sha1_hash": "18f882eb1b5c4a49cf05c3ad39b4ff286180529c", "title": "Cerberus Android malware source code offered for sale for $100,000", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 2236331, "plain_text": "Cerberus Android malware source code offered for sale for $100,000\r\nBy Ionut Ilascu\r\nPublished: 2020-07-27 · Archived: 2026-04-05 12:42:37 UTC\r\nThe maintainer of Cerberus banking trojan for Android is auctioning the entire project for a price starting at $50,000 or close\r\nthe deal for double the money.\r\nThe price includes everything from source code to customer list along with installation guide and the scripts to make\r\ncomponents work together.\r\nProfit potential\r\nFor at least one year, the group behind Cerberus advertised their business and rented the malicious bot for up to $12,000 per\r\nyear. They also offered a license for shorter periods ($4,000/3 months, $7,000/6 months).\r\nhttps://www.bleepingcomputer.com/news/security/cerberus-android-malware-source-code-offered-for-sale-for-100-000/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/cerberus-android-malware-source-code-offered-for-sale-for-100-000/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nAccording to a post from the seller on a Russian-speaking underground forum, the business is currently generating $10,000\r\nevery month.\r\nStriking a deal with Cerberus maintainer would get the buyer the source code for the malicious APK as well as the module,\r\nthe admin panel, and the servers.\r\nMotivating that the Cerberus crew split up and they no longer have the time to 24/7 support, the seller is getting rid of\r\neverything, including the customer base with an active license, contacts for customers and potential buyers.\r\nAlon Gal, CTO of cybercrime intelligence firm Hudson Rock, told BleepingComputer that a price tag of $100,000 for a\r\npiece of malware like Cerberus is likely to attract sophisticated threat actors with capabilities to maintain and improve the\r\nproject.\r\nCerberus has been analyzed by malware researchers at ThreatFabric, who found that it was not a clone of Anubis banker,\r\nwhose source code got leaked in 2019.\r\nThe malware stands on its code that can detect movement of the infected device to determine a real system and avoid\r\nrunning in a sandbox environment.\r\nCerberus bot has extensive functionality, being able to spoof notifications from the banking service present on the device to\r\nprompt the victim to type in login credentials, and steal two-factor authentication codes, run any installed apps.\r\nThe seller included in their thread a post from the summer of 2019 showing all the capabilities available in Cerberus:\r\nThe malware has been heavily promoted on public channels and is well-known in cybercriminal communities. When the\r\nactors behind it started renting it, they claimed it had been used privately for two years.\r\nIt emerged in a time when Anubis-based bankers were very common and stood out as a more reliable alternative for\r\ncollecting banking credentials.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nhttps://www.bleepingcomputer.com/news/security/cerberus-android-malware-source-code-offered-for-sale-for-100-000/\r\nPage 3 of 4\n\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/cerberus-android-malware-source-code-offered-for-sale-for-100-000/\r\nhttps://www.bleepingcomputer.com/news/security/cerberus-android-malware-source-code-offered-for-sale-for-100-000/\r\nPage 4 of 4", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://www.bleepingcomputer.com/news/security/cerberus-android-malware-source-code-offered-for-sale-for-100-000/" ], "report_names": [ "cerberus-android-malware-source-code-offered-for-sale-for-100-000" ], "threat_actors": [], "ts_created_at": 1775434604, "ts_updated_at": 1775791287, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/18f882eb1b5c4a49cf05c3ad39b4ff286180529c.pdf", "text": "https://archive.orkl.eu/18f882eb1b5c4a49cf05c3ad39b4ff286180529c.txt", "img": "https://archive.orkl.eu/18f882eb1b5c4a49cf05c3ad39b4ff286180529c.jpg" } }