In the last few days, our Mobile Threat Labs team at Avast discovered a Cerberus banking Trojan on Google Play that was targeting Android users in Spain. As is common with banking malware, Cerberus, disguised itself as a genuine app in order to access the banking details of unsuspecting users. What’s not so common is that a banking Trojan managed to sneak onto the Google Play Store. The ‘genuine’ app in this case, posed as a Spanish currency converter called “Calculadora de Moneda”. According to our research, hid its malicious intentions for the first few weeks while being available on the store. This was possibly to stealthily acquire users before starting any malicious activities, which could have grabbed the attention of malware researchers or Google’s Play Protect team. As a result, the app has been downloaded more than 10,000 times so far. We reported it to Google, so they can quickly remove it.