Cerberus

Malware updated 2 months ago (2024-07-16T14:17:38.603Z)
Cerberus is a type of malware, harmful software designed to exploit and damage systems. It has been found to be associated with various platforms and versions of Siemens Cerberus PRO UL, including the Compact Panel FC922/924 and the Engineering Tool, all versions prior to MP4. Additionally, Cerberus was discovered in multiple versions of the Siemens Cerberus PRO UL X300 Cloud Distribution, all versions before V4.3.0001.

The malware can infect systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom. A Cerberus sample (SHA-256 1249c4d3a4b499dc8a9a2b3591614966145daac808d440e5202335d9a4226ff8) was identified as being digitally code-signed with a generic Android certificate. This malware has been linked with other malicious programs such as Cobalt Strike, Meterpreter, DarkComet, and Empire PowerShell. Moreover, it has been used in many Android-based banking Trojans like BianLian, Cerberus, and TeaBot, utilizing a method known as BadPack.

To mitigate the risk from Cerberus, updates have been suggested for affected systems. For the Siemens Cerberus PRO UL Engineering Tool, Desigo Fire Safety UL Compact Panel FC2025/2050, and Desigo Fire Safety UL Engineering Tool, users should update to MP4 or a later version. Similarly, for the Cerberus PRO UL X300 Cloud Distribution and Desigo Fire Safety UL X300 Cloud Distribution, an update to V4.3.0001 or a later version is recommended.

Successful exploitation of this malware requires an on-path attacker that intercepts the communication of the engineering tool in the fire system network. The possible impact is limited to the tool, not the underlying operating system, although code execution might be possible on the underlying OS with the privileges of the engineering tool user account.
Description last updated: 2024-07-16T14:15:48.656Z
Aliases: We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Android
Vulnerability
Siemens
Associated Malware
ID: Teabot
Type: Unspecified
Votes: 2
Profile Description: TeaBot, also known as Anatsa, is a sophisticated Android banking Trojan that targets applications from over 650 financial institutions. It was first observed to use second-stage dropper applications that appear benign to users, deceiving them into installing the payload. TeaBot utilizes remote paylo
Associated Threat Actors
ID: Bianlian
Type: Unspecified
Votes: 2
Profile Description: BianLian is a significant threat actor within the cybersecurity landscape, known for its malicious activities and cyber-attacks. The group has been particularly active in exploiting bugs in JetBrains TeamCity, a popular continuous integration and deployment system used by software development teams.
Source Document References
Information about the Cerberus Malware was read from the documents corpus below. This display is limited to 20 results.
Source | Created | Title
DARKReading | 2 months ago | 'BadPack' APK Files Make Android Malware Hard to Detect
Unit42 | 2 months ago | Beware of BadPack: One Weird Trick Being Used Against Android Devices
Canadian Centre for Cyber Security | 4 months ago | [Control systems] CISA ICS security advisories (AV24-283) - Canadian Centre for Cyber Security
CISA | 4 months ago | Siemens Desigo Fire Safety UL and Cerberus PRO UL Fire Protection Systems | CISA
Canadian Centre for Cyber Security | 6 months ago | [Control systems] CISA ICS security advisories (AV24-150) - Canadian Centre for Cyber Security
CERT-EU | 6 months ago | ChatGPT side-channel attack has easy fix: token obfuscation
CERT-EU | 6 months ago | Multiple vulnerabilities in Siemens Sinteso EN and Cerberus PRO EN Fire Protection Systems
CERT-EU | 6 months ago | Remote code execution in Siemens Sinteso EN and Cerberus PRO EN Fire Protection Systems
Canadian Centre for Cyber Security | 6 months ago | [Control systems] Siemens security advisory (AV24-137) - Canadian Centre for Cyber Security
CERT-EU | 6 months ago | Gen. Mark Milley’s Second Act: Multimillionaire
Bitdefender | 8 months ago | Unveiling Mobile App Secrets: A 6-Month Deep Dive into Surprising Behavior Patterns
CERT-EU | 9 months ago | Search | arXiv e-print repository
CERT-EU | 10 months ago | The rise of mobile app overlay attacks and how to defend against them [Q&A]
CERT-EU | a year ago | Semkel and Searchlight Cyber Form Strategic Partnership – Global Security Mag Online
CERT-EU | a year ago | Semkel and Searchlight Cyber Form Strategic Partnership – Global Security Mag Online
Unit42 | a year ago | Leveraging a Hooking Framework to Expand Malware Detection Coverage on the Android Platform
CERT-EU | 2 years ago | Hackers Allegedly Stole Activision's Upcoming Call Of Duty Games, Employee Data - TechShout
Recorded Future | 2 years ago | 2022 Adversary Infrastructure Report
InfoSecurity-magazine | 2 years ago | Ransomware Attack Forces Closure of Nantucket Schools
CERT-EU | a year ago | Can 'Mad Libs for incident response' prevent the next MOVEit