恶意软件研究人员刚刚在两个安卓 (Android ) 应用程序的源代码中发现到 Cerber 勒索字条。含有README.hta 文件的 Accechiamoli 和 ForzaFò 应用程序，可以直接从Google Play （谷歌市场）商店下载。这个发现似乎让人担心，恐怕危险恶意软件的开发者决定扩大他们的目标领域，但我们可以说这不是个问题。针对安卓设备的恶意活动还未展开，因此病毒只能侵入 Windows 操作系统的用户而已。所以，意大利福贾足球俱乐部 (Foggia Calcio) 不需要担心感染勒索软件的可能性。
ESET 安全团队扫描了这两个应用程序，寻找 Cerber 的有效载荷，但他们并没有找到任何可疑或对安卓设备带来潜在危险的东西。 he scanner only detected README.hta file – the Cerber ransom note. According to the ESET mobile security expert Lukas Stefanko, one of the reasons why this file ended up on in these applications is that the developer Francesco Pio Recchia was the victim of the Cerber. During the attack, the virus drops ransom note in each folder that contains encrypted files. Hence, if the developer haven’t performed removal of these files, it might have been left in the application’s icon folder. Another assumption suggests that the designer of the icons that are used in Accechiamoli and ForzaFò applications might have suffered from the Cerber. Thus, ransom note might have been accidentally left in the icons folder. Meanwhile, the developer did not check it and simply copy-pasted it. Though, the ransom note was just unnoticed. However, it’s just assumptions. The truth what have happened actually is still unknown.
Nevertheless, HTA files might be used for spreading file-encrypting viruses; it’s not the case. The README.hta file is not malicious and does not include the attack code. Security programs identify it as malicious, but the truth is it cannot cause any damage to the device. It just includes instructions what hackers want victims to do after ransomware attack. The ransom note includes information about data encryption and demands to pay the ransom in order to get them back. Victims are asked to transfer some Bitcoins via special Cerber payment website which can be accessed using Tor browser only. However, we want to remind that victims of the ransomware should not follow cyber criminals’ order. Paying the ransom does not guarantee that you get back access to your files.