New 'Hook' Android malware lets hackers remotely control your phone

A new Android malware named 'Hook' is being sold by cybercriminals, boasting it can remotely take over mobile devices in real-time using VNC. The new malware is promoted by the creator of Ermac, an Android banking trojan selling for $5,000/month that helps threat actors steal credentials from over 467 banking and crypto apps via overlaid login pages.
While the author of Hook claims the new malware was written from scratch, and despite having several additional features compared to Ermac, researchers at ThreatFabric dispute these claims and report seeing extensive code overlaps between the two families.
Whatever its true origin, Hook functions as an evolution of Ermac, offering an extended set of capabilities that make it a more dangerous threat to Android users.
One new feature in Hook that Ermac lacks is WebSocket communication with the command-and-control server, used alongside the HTTP traffic that Ermac relied on exclusively.
"With this feature, Hook joins the ranks of malware families that are able to perform full DTO, and complete a full fraud chain, from PII exfiltration to transaction, with all the intermediate steps, without the need of additional channels," warns ThreatFabric.
Finally, a new geolocation tracking system enables Hook operators to track the victim's precise position by abusing the "Access Fine Location" permission.