Security News > 2021 > September > New Android Malware Steals Financial Data from 378 Banking and Wallet Apps

New Android Malware Steals Financial Data from 378 Banking and Wallet Apps
2021-09-27 04:47

The operators behind the BlackRock mobile malware have surfaced back with a new Android banking trojan called ERMAC that targets Poland and has its roots in the infamous Cerberus malware, according to the latest research.

"The new trojan already has active distribution campaigns and is targeting 378 banking and wallet apps with overlays," ThreatFabric's CEO Cengiz Han Sahin said in an emailed statement.

Almost fully based on the notorious banking trojan Cerberus, the Dutch cybersecurity firm's findings come from forum posts made by an actor named DukeEugene last month on August 17, inviting prospective customers to "Rent a new android botnet with wide functionality to a narrow circle of people" for $3,000 a month.

Featuring an array of data theft capabilities, the infostealer and keylogger originate from another banking strain called Xerxes - which itself is a strain of the LokiBot Android banking Trojan - with the malware's source code made public by its author around May 2019.

ERMAC, like its progenitor and other banking malware, is designed to steal contact information, text messages, open arbitrary applications, and trigger overlay attacks against a multitude of financial apps to swipe login credentials.

"The story of ERMAC shows one more time how malware source code leaks can lead not only to slow evaporation of the malware family but also bring new threats/actors to the threat landscape," the researchers said.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/jKTB7FZFTxc/new-android-malware-steals-financial.html