Firstly, a recent ATM malware is found searching for the factory Logical Service Names in order to target ATMs. Additionally, Mobile Banking Malware like Cerberus are found targeting hundreds of banking applications in recent campaigns. The new variant of Cerberus serves for a RAT feature to perform fraud from the infected device. This new Cerberus variant has undergone refactoring of the code base and updates of the C2 communication protocol, but most notably it got enhanced with the RAT capability, possibility to steal device screen-lock credentials (PIN code or swipe pattern) and 2FA tokens from the Google Authenticator application. The RAT service is able to traverse the file system of the device and download its contents. On top of that it can also launch TeamViewer and setup connections to it, providing threat actors full remote access of the device. Abusing the Accessibility privileges, the Trojan can now also steal 2FA codes from Google Authenticator application. When the app is running, the Trojan can get the content of the interface and can send it to the C2 server, enabling bypass of authentication services that rely on OTP codes.