Security News > 2022 > May > New ERMAC 2.0 Android malware steals accounts, wallets from 467 apps
The ERMAC Android banking trojan has released version 2.0, increasing the number of applications targeted from 378 to 467, covering a much wider range of apps to steal account credentials and crypto wallets.
The first malware campaign utilizing the new ERMAC 2.0 malware is a fake Bolt Food application targeting the Polish market.
ERMAC first determines what applications are installed on the host device and then sends the information to the C2 server.
The response contains the injection modules that match the application list in encrypted HTML form, which the malware decrypts and stores into the Shared Preference file as "Setting.xml."
Popular cryptocurrency wallets and asset management apps are stolen too.
The extensive list of apps supported make this a potent malware, but it's worth noting that it would stumble into problems in Android versions 11 and 12, thanks to the additional restrictions that Google added to prevent Accessibility Service abuse.
News URL
Related news
- Crypto-stealing iOS, Android malware found on App Store, Google Play (source)
- SpyLend Android malware downloaded 100,000 times from Google Play (source)
- GitVenom Malware Steals $456K in Bitcoin Using Fake GitHub Projects to Hijack Wallets (source)
- GrassCall malware campaign drains crypto wallets via fake job interviews (source)
- Vo1d malware botnet grows to 1.6 million Android TVs worldwide (source)
- BadBox malware disrupted on 500K infected Android devices (source)
- MassJacker malware uses 778,000 wallets to steal cryptocurrency (source)
- North Korea’s ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps (source)
- New Android malware uses Microsoft’s .NET MAUI to evade detection (source)
- APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware (source)