
Android Users Beware: New Hook Malware with RAT Capabilities Emerges
2023-01-19 13:27

The threat actor behind the BlackRock and ERMAC Android banking trojans has unleashed yet another piece of malware for rent, called Hook, that introduces new capabilities to access files stored on infected devices and create a remote interactive session.

ThreatFabric, in a report shared with The Hacker News, characterized Hook as a novel ERMAC fork that's advertised for sale for $7,000 per month while featuring "All the capabilities of its predecessor."

"The lack of some sort of RAT capabilities is a major issue for a modern Android Banker, as it does not provide the possibility to perform Device Take Over, which is the fraud methodology that is most likely to be successful and not detected by fraud scoring engines or fraud analysts. This is most likely what triggered the development of this new malware variant."

Like other Android malware of its ilk, the malware abuses Android's accessibility services APIs to conduct overlay attacks and harvest all kinds of sensitive information such as contacts, call logs, keystrokes, two-factor authentication tokens, and even WhatsApp messages.

Among the other major features to be added to Hook is the ability to remotely view and interact with the screen of the infected device, obtain files, extract seed phrases from crypto wallets, and track the phone's location, blurring the line between spyware and banking malware.

"The main drawback of creating a new malware is usually gaining enough trust by other actors, but with the status of DukeEugene among criminals, it is very likely that this will not be an issue for Hook," Durando said.


News URL

https://thehackernews.com/2023/01/android-users-beware-new-hook-malware.html

Related vendor

Vulnerabilities by severity, last 12M:

VENDOR  | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS
Android | 4          | 0   | 17     | 2    | 0        | 19