Android Users Beware: New Hook Malware with RAT Capabilities Emerges
The threat actor behind the BlackRock and ERMAC Android banking trojans has unleashed yet another malware for rent, called Hook, that introduces new capabilities to access files stored on infected devices and create a remote interactive session.
ThreatFabric, in a report shared with The Hacker News, characterized Hook as a novel ERMAC fork that's advertised for sale for $7,000 per month while featuring "All the capabilities of its predecessor."
"The lack of some sort of RAT capabilities is a major issue for a modern Android Banker, as it does not provide the possibility to perform Device Take Over, which is the fraud methodology that is most likely to be successful and not detected by fraud scoring engines or fraud analysts. This is most likely what triggered the development of this new malware variant."
Like other Android malware of its ilk, the malware abuses Android's accessibility services APIs to conduct overlay attacks and harvest all kinds of sensitive information such as contacts, call logs, keystrokes, two-factor authentication tokens, and even WhatsApp messages.
Among the other major features to be added to Hook is the ability to remotely view and interact with the screen of the infected device, obtain files, extract seed phrases from crypto wallets, and track the phone's location, blurring the line between spyware and banking malware.
"The main drawback of creating a new malware is usually gaining enough trust by other actors, but with the status of DukeEugene among criminals, it is very likely that this will not be an issue for Hook," Durando said.
News URL
https://thehackernews.com/2023/01/android-users-beware-new-hook-malware.html