Cerberus Stalkerware on Google Play
An alarming application called Cerberus Anti-theft has been operating unnoticed on the Google Play Store since early October 2023. Disguised as a legitimate anti-theft solution, this app covertly captures photos, tracks locations, records audio, and can even erase device data without user consent.
Stealthy Operations and Subscription Model
This app, marketed under the package name com.ssurebrec, is available for a subscription fee of 5 euros monthly. Developed by LSDroid SRL, an Italian company based in Milan, Cerberus’s presence on the Google Play Store highlights significant security concerns, as it has remained active and functional for over a year, collecting user data unchallenged.
While the app is designed to appear legitimate, its true capabilities raise serious concerns. Once installed, Cerberus performs numerous activities without alerting the user, such as taking photographs through the front camera when a notification is opened or logging device location.
Advanced Surveillance Techniques
The app uses a range of triggers to remain operational, including device boot-up, network changes, and physical motion detection. This ensures that the application can continue its surveillance activities without interruption, regardless of whether the abuser is actively monitoring the device.
Hexproof’s investigation revealed that Cerberus can execute 44 different remote commands via a web-based control panel. Despite efforts to remove it in 2018, the app resurfaced on Google Play under a different name, continuing its operations and becoming the most detected stalkerware globally in 2020.
Firebase-Backed Command System
Cerberus utilizes Google’s Firebase Cloud Messaging to manage its command operations, allowing commands such as capturing images or wiping devices to pass through Google’s infrastructure. This setup involves five Firebase projects linked to the LSDroid account, which, if suspended, would immediately sever the app’s control capabilities.
Additionally, the Lock Screen Protector app enhances Cerberus’s functionality by interacting with accessibility services to read screen content and perform actions like intercepting shutdown processes, ensuring continued monitoring even when the device appears off.
Safety Recommendations for Potential Victims
Individuals suspecting their device is compromised by Cerberus should seek professional assistance before attempting any device changes. Contacting resources like the National Domestic Violence Hotline or the Coalition Against Stalkerware is advised, as direct actions could alert the abuser and result in loss of forensic evidence crucial for legal proceedings.
Organizations like Cornell Tech’s Clinic to End Tech Abuse and the NNEDV Safety Net Project offer support for a secure and planned removal process. For ongoing updates, follow us on Google News, LinkedIn, and X.
