Cerberus Anti-theft is stalkerware: a reverse engineering

Mark Esler· Apr 30, 2026 · 8:42 PM UTC ·43 min read · 0 reactions · 0 comments · 4 views

#stalkerware #android #reverse engineering #cybersecurity #malware #LSDroid #Cerberus Anti-theft #Google Play #F-Secure #Mark Esler #Luca Sagaria #Milan #The Verge

via

hexproof

⚡ TL;DR · AI summary

Cerberus Anti-theft, developed by LSDroid, is identified as stalkerware due to its covert surveillance capabilities and policy violations on the Google Play Store. The app uses aggressive persistence mechanisms, including the Lock Screen Protector module, which prevents device shutdown and captures screenshots sent to Cerberus. Despite prior removals and research documenting its misuse in intimate partner violence, Cerberus reappeared on Google Play under a new package name while maintaining the same functionality.

Original article

hexproof · Mark Esler

Read full at hexproof →

Opening excerpt (first ~120 words) tap to expand

Cerberus Anti-theft is stalkerware: a reverse engineering2026-04-30 · 84 min read · Mark EslerThere is an app on Google Play called Lock Screen Protector (com.lsdroid.lsp). It requests accessibility service permissions — the most sensitive permission on Android. Once granted, it reads all screen content, performs gestures, and takes screenshots. It monitors for the power dialog and dismisses it — the phone cannot be turned off. It blocks the notification shade — airplane mode cannot be enabled.

…

Excerpt limited to ~120 words for fair-use compliance. The full article is at hexproof.

Anonymous · no account needed

Discussion

0 comments

Cerberus Anti-theft is stalkerware: a reverse engineering

Discussion

More from hexproof