We talk about a trap that even experienced users will not notice.
Cerberus was once again at the center of history, where the phone protection app turns into a surveillance tool. According to Mark Esler, author of the technical blog hex proof, the program is available on Google Play and can quietly shoot the smartphone owner, record sound, track geolocation and execute commands from a remote control panel.
We are talking about Cerberus Anti-theft from the Italian LSDroid SRL. Subscription costs 5 euros per month, and the current version is on Google Play from October 4, 2023. Esler claims that the application is able to run a hidden shooting from the front and main camera, record video and sound, read contacts, call and SMS log, send messages on behalf of the owner, block the device, erase data and show the specified text on the lock screen.
Special attention in the analysis is given to the function of false shutdown. Cerberus can show an almost indistinguishable Android shutdown screen, then darken the display, but leave the smartphone active. In this state, the camera, microphone and GPS continue to work.
The application also has related components. Lock Screen Protector, published by the same developer account, asks for access to special features of Android. After issuing a resolution, the program can read the contents of the screen, perform gestures and take screenshots. When you try to turn off the phone, it closes the system power menu and transmits the Cerberus image of the lock screen.
According to Esler, Cerberus has already appeared in academic work as a stalker software in relationships. In 2018, Cornell Tech and NYU reported it to Google. The app was later removed from Google Play for another reason related to the installation of programs from third-party sources. In 2023, Cerberus returned to the store under the new name of the package, but, according to the author of the analysis, retained most of the previous possibilities.
The publication also says that several LSDroid apps use the HiddenApyBypass library, which helps to access hidden features of Android. According to the author, such a component and the set of possibilities of Cerberus contradict the rules of Google Play on malicious behavior and stalker software.
Google, according to the analysis, is associated with Cerberus immediately through several services. Google Play distributes apps, AdMob shows ads, and Firebase is used to transfer commands to devices. The author claims that Google received a notification before publication, but at the time of the release of the application was released, the application remained available.
For victims, the main risk is not only with surveillance, but also with an attempt to remove independently. Cerberus and related components may inform the operator of the change of permissions and other actions on the device. Specialists in the protection of victims of domestic violence usually advise to check such phones only from a safe device and with the support of specialized organizations.
Cerberus was once again at the center of history, where the phone protection app turns into a surveillance tool. According to Mark Esler, author of the technical blog hex proof, the program is available on Google Play and can quietly shoot the smartphone owner, record sound, track geolocation and execute commands from a remote control panel.
We are talking about Cerberus Anti-theft from the Italian LSDroid SRL. Subscription costs 5 euros per month, and the current version is on Google Play from October 4, 2023. Esler claims that the application is able to run a hidden shooting from the front and main camera, record video and sound, read contacts, call and SMS log, send messages on behalf of the owner, block the device, erase data and show the specified text on the lock screen.
Special attention in the analysis is given to the function of false shutdown. Cerberus can show an almost indistinguishable Android shutdown screen, then darken the display, but leave the smartphone active. In this state, the camera, microphone and GPS continue to work.
The application also has related components. Lock Screen Protector, published by the same developer account, asks for access to special features of Android. After issuing a resolution, the program can read the contents of the screen, perform gestures and take screenshots. When you try to turn off the phone, it closes the system power menu and transmits the Cerberus image of the lock screen.
According to Esler, Cerberus has already appeared in academic work as a stalker software in relationships. In 2018, Cornell Tech and NYU reported it to Google. The app was later removed from Google Play for another reason related to the installation of programs from third-party sources. In 2023, Cerberus returned to the store under the new name of the package, but, according to the author of the analysis, retained most of the previous possibilities.
The publication also says that several LSDroid apps use the HiddenApyBypass library, which helps to access hidden features of Android. According to the author, such a component and the set of possibilities of Cerberus contradict the rules of Google Play on malicious behavior and stalker software.
Google, according to the analysis, is associated with Cerberus immediately through several services. Google Play distributes apps, AdMob shows ads, and Firebase is used to transfer commands to devices. The author claims that Google received a notification before publication, but at the time of the release of the application was released, the application remained available.
For victims, the main risk is not only with surveillance, but also with an attempt to remove independently. Cerberus and related components may inform the operator of the change of permissions and other actions on the device. Specialists in the protection of victims of domestic violence usually advise to check such phones only from a safe device and with the support of specialized organizations.
