New ERMAC 2.0 Android malware steals accounts, wallets from 467 apps
Security News, May 2022
The ERMAC Android banking trojan has released version 2.0, increasing the number of applications targeted from 378 to 467, covering a much wider range of apps to steal account credentials and crypto wallets.
The first malware campaign utilizing the new ERMAC 2.0 malware is a fake Bolt Food application targeting the Polish market.
ERMAC first determines what applications are installed on the host device and then sends the information to the C2 server.
The response contains the injection modules that match the application list in encrypted HTML form, which the malware decrypts and stores in the Shared Preference file as "Setting.xml."
Popular cryptocurrency wallets and asset management apps are targeted too.
The extensive list of supported apps makes this a potent malware, but it's worth noting that it would stumble into problems in Android versions 11 and 12, thanks to the additional restrictions that Google added to prevent Accessibility Service abuse.
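As an added illustration (not from the original article or from any ERMAC analysis), the following Python triages an Android SharedPreferences XML file taken from a device image for stored HTML login forms, the kind of artifact the article describes being written to "Setting.xml". The sample file, its key names and the package-name heuristic are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of an Android SharedPreferences file. Key names and
# values are invented for illustration, not taken from an ERMAC sample.
SAMPLE_PREFS = """<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="theme">dark</string>
    <int name="launch_count" value="3" />
    <string name="com.example.bank">&lt;html&gt;&lt;body&gt;&lt;form&gt;&lt;input type="password" name="pin"&gt;&lt;/form&gt;&lt;/body&gt;&lt;/html&gt;</string>
    <string name="help_text">&lt;b&gt;Welcome&lt;/b&gt; to the app</string>
</map>
"""

FORM_RE = re.compile(r"<form\b", re.I)
PASSWORD_RE = re.compile(r"<input\b[^>]*type\s*=\s*[\"']?password", re.I)
# Heuristic assumed here (not stated in the article): an inject stored per
# target app may be keyed by that app's package name, e.g. com.vendor.app.
PACKAGE_RE = re.compile(r"^[a-z][a-z0-9_]*(\.[a-z0-9_]+)+$", re.I)


def triage_prefs(xml_text):
    """Return findings for <string> entries that hold HTML credential forms."""
    root = ET.fromstring(xml_text)
    findings = []
    for node in root.iter("string"):
        value = node.text or ""  # ElementTree has already unescaped entities
        key = node.get("name", "")
        reasons = []
        if FORM_RE.search(value):
            reasons.append("html-form")
        if PASSWORD_RE.search(value):
            reasons.append("password-input")
        # Only escalate on the key shape when the value already looks like a form
        if reasons and PACKAGE_RE.match(key):
            reasons.append("keyed-by-package-name")
        if reasons:
            findings.append({"key": key, "reasons": reasons, "size": len(value)})
    return findings


if __name__ == "__main__":
    for finding in triage_prefs(SAMPLE_PREFS):
        print(finding)
```

A legitimate app rarely keeps whole HTML login forms in its preferences, so a hit is a lead for manual review of the app that owns the file, not a verdict.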