25 May 2020

EMM stakeholders warned to watch out for sophisticated Cerebrus spyware

Written by Viraj Talikotkar

A new variant of the Cerebrus Android Trojan has been discovered with dangerous spyware capabilities. Enterprise Mobility Management (EMM) stakeholders are warned to remain vigilant to avoid being exploited by this Trojan.

Cerebrus was detected last year and was classified as a standard banking Trojan. However, the new variant discovered this month was observed to have sophisticated information-harvesting capabilities, along with the ability to remotely run TeamViewer on Samsung devices.

Cerebrus possesses sophisticated information harvesting capabilities

Researchers also pointed out that the Trojan possessed Mobile Remote Access Trojan (MRAT) capabilities. This enabled the malware to log all keystrokes on the device, including user credentials, Google Authenticator data, fingerprint data and all texts received, including those for two-factor authentication. The information is then uploaded to a remote command & control (C&C) server.

The variant was discovered when it was targeting a multinational conglomerate and was distributed through the company’s Mobile Device Manager (MDM) server. It infected over 75% of the company’s devices.

Once Cerebrus is installed on a device, it appears as a window requiring an Accessibility services update. The window keeps appearing even if it is dismissed. Once the user clicks on accept, the malware uses the accessibility service to access menu options and can then bypass all user interaction.

Ability to log keystrokes and run TeamViewer remotely

What makes this malware so dangerous is its sophisticated spyware attributes. The malware can leverage the accessibility service to download highly confidential user data such as Google Authenticator credentials, Gmail passwords and phone unlocking patterns. All this information, along with a list of files and installed applications and all user keystrokes, is uploaded to a remote command & control server. At the request of this remote server, specific files can also be uploaded on the device.

On Samsung devices, Cerebrus goes one step further with the ability to run TeamViewer, a remote access application, while keeping the device unlocked. The malware uses the Samsung KNOX functionality to automatically grant permissions and hence opens up the device to be remotely used by a malicious threat actor. The malware also blocks attempts to uninstall TeamViewer while preventing users from accessing the application itself.
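
An added example, not from the original article or from Seqrite: a triage check a fleet administrator could run over per-device data for the two behaviours described above, an unexpected accessibility service and an unexpected remote-access app. It assumes the text output of `settings get secure enabled_accessibility_services` and `pm list packages` has already been collected from each device; the allowlist, the TeamViewer package names and the sample data are assumptions to adapt to your fleet.

```python
# Added example: triage of one device's state against the behaviours described above.
# Inputs are the text output of two Android commands, collected by your own tooling:
#   settings get secure enabled_accessibility_services   (colon-separated pkg/class list)
#   pm list packages                                     (lines of "package:<name>")
# Allowlists and sample data below are constructed for illustration.

APPROVED_A11Y = {"com.google.android.marvin.talkback"}   # assumption: only TalkBack approved
REMOTE_ACCESS = {"com.teamviewer.quicksupport.market",   # assumption: TeamViewer package
                 "com.teamviewer.host.market"}           # names to watch; adjust as needed


def a11y_packages(setting):
    """Return the set of packages that own an enabled accessibility service."""
    setting = setting.strip()
    if not setting or setting == "null":        # an unset setting prints "null"
        return set()
    return {c.split("/", 1)[0] for c in setting.split(":") if "/" in c}


def installed_packages(pm_output):
    """Return package names from 'pm list packages' output."""
    return {line.split(":", 1)[1].strip() for line in pm_output.splitlines()
            if line.startswith("package:")}


def audit_device(setting, pm_output, approved=APPROVED_A11Y, remote=REMOTE_ACCESS):
    """Return (severity, findings) for one device."""
    rogue = sorted(a11y_packages(setting) - approved)
    tools = sorted(installed_packages(pm_output) & remote)
    findings = [f"unapproved accessibility service: {p}" for p in rogue]
    findings += [f"remote-access app installed: {p}" for p in tools]
    # Both together match the pattern in the article: an accessibility
    # service that can drive the UI plus a remote-control application.
    severity = "high" if rogue and tools else "medium" if findings else "ok"
    return severity, findings


# Constructed sample: TalkBack plus an unknown service, and TeamViewer Host installed.
SAMPLE_SETTING = ("com.google.android.marvin.talkback/.TalkBackService:"
                  "com.example.updater/com.example.updater.A11yService\n")
SAMPLE_PM = ("package:com.android.chrome\n"
             "package:com.example.updater\n"
             "package:com.teamviewer.host.market\n")

if __name__ == "__main__":
    print(audit_device(SAMPLE_SETTING, SAMPLE_PM))
```

A "high" result is a prompt for investigation, not a verdict: a legitimately deployed remote-support tool or assistive app belongs on the relevant allowlist.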

Investigations found that the malware had spread extremely quickly by using the compromised Mobile Device Management (MDM) server as an attack vector. This attack has brought into prominence the importance of maintaining and managing a secure MDM system, especially at a time like this when the COVID-19 pandemic has forced many employers to mandate remote working for their employees.

The Seqrite Advantage

The Cerebrus spyware has helped turn an otherwise grey area into black and white: the difference between managing devices and securing them. While device management includes configuring policies, settings, applications etc., device security concentrates exclusively on protecting the device from malware and other forms of cyberattack. Most EMM suites typically focus a lot more on managing devices than on securing them.

Seqrite’s EMM suite, though, provides best-in-class device management features complemented with security features (like anti-virus) to eradicate the threat of advanced malware such as Cerebrus.

Specific to security, Seqrite’s EMM products, the mSuite and Workspace, are already equipped with capabilities that protect your organization from advanced threats such as the Cerebrus malware. The suite comes pre-equipped with cutting-edge modules such as a secured container, anti-malware, web security and scheduled scans, ensuring the security of your corporate mobile devices.

Mentioned below are advanced modules of the mSuite and Workspace that facilitate a seamless Enterprise Mobility Management experience:

mSuite

Seqrite’s mSuite provides an Enterprise Mobility Management (EMM) solution which offers both a cloud as well as an on-premise offering. Powered by GoDeep.Ai, Seqrite’s Artificial Intelligence platform, mSuite offers enterprises the opportunity to mobilize their workforce with the flexibility and control to secure company data on any device. Best-in-class Anti-malware keeps Android devices safe from Viruses, Trojans, Ransomware, Fake apps, Malicious apps, etc.

The App Management feature allows seamless management of applications on company devices while Data Monitoring & Management features help enterprises to define digital boundaries and enhance device security with multiple default policies that can be customized for compliance.

Workspace

Along with mSuite, Seqrite Workspace also offers a great solution for organizations to protect their data in a Bring Your Own Device (BYOD) environment. Workspace enables this by creating a virtual workspace on employee-owned devices which prevents data leaks and establishes boundaries between personal and organizational data.
