Cerberus is a trojan horse targeting Android mobile phone banking credentials.
[2] Its attacks are capable of stealing Google Authenticator and SMS 2FA tokens, behavior that was spotted in February 2020.
[3] Research indicates that Cerberus has developed overlay attacks for over 30 unique targets, making it a versatile threat in the mobile banking landscape.
[4] Cerberus is capable of logging all keystrokes (including passwords) and stealing 2FA tokens from Google Authenticator and SMS messages.
[5] It is sold as Malware as a service on underground forums.