Banking trojan Cerberus, the new headache for cyber security officials

Updated: Wednesday, May 20, 2020, 16:34 [IST]

New Delhi, May 20: The Central Bureau of Investigation (CBI) has issued a nationwide alert on the banking trojan Cerberus. The CBI said that this tricks the smartphone users into downloading a malicious link relating to COVID-19.

Banking trojan Cerberus, the new headache for cyber security officials — Representational Image

The advisory was issued by the CBI, following an input from the Interpol. The trojan presents itself as an update related to COVID-19. The trojan primarily focuses on stealing financial data such as credit card numbers. It can use overlay attacks to trick victims into providing personal information and can capture two-factor authentication details, the agency also said.

The trojan takes advantage of the pandemic and sends a text message to lure a user into downloading the link with the malicious software. Once downloaded, the trojan application launches into phishing attacks to steal data such as credit card number and other details.

It may be recalled that the Ministry of Home Affairs had issued an advisory for those working from home. The MHA asked them to take precautions and not fall prey to cyber criminals. On Zoom and Google Hangout, the MHA had advised against sharing links inviting for a meeting publicly or through social media platforms.

MHA advisory on Zoom:

Prevent unauthorised entry in the conference room
Prevent an authorised participant to carry out malicious on
the terminals of other in the conference.
Avoid DOS attack by restricting users through passwords
and access grant.

Most of the settings can be done by login into users zoom account at the website, or installed application at PC/Laptop/Phone and also during conduct of conference. However, certain settings are possible through certain mode/channel only. For example, lock meeting can be enabled by administrator only when the meeting has started. This documents explains in details all the security configuration through website, App and through console during the conduct of conference.

Objective of security configurations:

Setting new user ID and password for each meeting
Enabling waiting Room, so that every user can enter only
when host conducting meeting admits him
Disabling join before host
Allowing Screen Sharing by host Only
Disabling "Allow removed participants to re-join"
Restricting/disabling file transfer option (if not required)
Locking meeting, once all attendees have joined
Restricting the recording feature
To end meeting (and not just leave, if you are administrator

Some tips:

Don't use your personal meeting Id (PMI) to host event, instead use randomly generated meeting IDs for each event.

Don't share your link on public platform, instead share randomly generated meeting id and password for every new meeting session/schedule. It makes it much secure and difficult to leak.

If you are admin, remember to end meeting, do not just leave meeting.

Sign out of your account when not in use