Security News > 2023 > January > New 'Hook' Android malware lets hackers remotely control your phone
A new Android malware named 'Hook' is being sold by cybercriminals, who boast that it can remotely take over mobile devices in real time using VNC. The new malware is promoted by the creator of Ermac, an Android banking trojan selling for $5,000/month that helps threat actors steal credentials from over 467 banking and crypto apps via overlaid login pages.
The author of Hook claims the new malware was written from scratch, and it does have several additional features compared to Ermac, but researchers at ThreatFabric dispute these claims and report seeing extensive code overlaps between the two families.
Despite its origin, Hook is an evolution of Ermac, offering an extensive set of capabilities that make it a more dangerous threat to Android users.
One new feature of Hook compared to Ermac is the introduction of WebSocket communication that comes in addition to HTTP traffic used exclusively by Ermac.
"With this feature, Hook joins the ranks of malware families that are able to perform full DTO, and complete a full fraud chain, from PII exfiltration to transaction, with all the intermediate steps, without the need of additional channels," warns ThreatFabric.
Finally, a new geolocation tracking system enables Hook operators to track the victim's precise position by abusing the "Access Fine Location" permission.