ERMAC Android Banking Trojan - a New Payload by the Authors of BlackRock
The creators of the infamous BlackRock Android Malware appear to be behind a new project, which focuses on stealing financial data and banking credentials from its targets. The ERMAC Android Banking Trojan is a new threat that has so far only been active in Poland. However, there is no doubt that its operators will soon look to infect users in other regions as well. Allegedly, the dangerous malware shares some similarities with the Cerberus malware. It supports a total of 378 banking and wallet applications. The attack is executed by displaying fake overlays, tricking users into providing their login credentials to the criminals.
How is the ERMAC Android Banking Trojan Spread?
So far, victims in Poland have been infecting their devices with the malware through a fake Google Chrome application. Of course, the malicious APK file was not found on the official Google Play Store. Instead, it was being promoted through fake online ads, third-party app stores, and other unreliable sources of Android software. While the campaign used only fake Google Chrome apps at the beginning, it has since evolved to use bogus copies of media players, banking apps, and even delivery services.
Although overlay attacks are the specialty of the ERMAC Android Banking Trojan, this is just one of its many features. In order to maximize the success rate of the attacks, the malware also tries to access text messages, contacts, open apps, and running services. It tries to gain full access to the victim's device by prompting the user to grant it permission to use the 'Accessibility Service.' Apps with access to this service may gain full control over a device's features.
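The capability set described above (overlay windows, SMS and contact access, visibility into running apps, and an Accessibility Service) is what an analyst looks for when triaging a sideloaded APK. The following is an added example, not code from the original article or from any vendor: it scores a decoded AndroidManifest.xml on those declarations. The indicator weights, the sample manifest and the package name are constructed assumptions for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Capabilities the article attributes to ERMAC, mapped to the manifest
# declarations an APK must make to obtain them. Weights are assumed values.
INDICATORS = {
    "android.permission.SYSTEM_ALERT_WINDOW": ("overlay", 3),
    "android.permission.READ_SMS": ("sms", 2),
    "android.permission.RECEIVE_SMS": ("sms", 2),
    "android.permission.READ_CONTACTS": ("contacts", 1),
    "android.permission.PACKAGE_USAGE_STATS": ("running-apps", 2),
}
ACCESSIBILITY_PERM = "android.permission.BIND_ACCESSIBILITY_SERVICE"


def assess_manifest(xml_text: str) -> dict:
    """Return the risk indicators declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    found = {}
    for perm in root.iter("uses-permission"):
        name = perm.get(ANDROID_NS + "name", "")
        if name in INDICATORS:
            tag, weight = INDICATORS[name]
            found[tag] = max(found.get(tag, 0), weight)
    # An accessibility service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE;
    # that is the hook an overlay trojan uses to read and drive the screen.
    for svc in root.iter("service"):
        if svc.get(ANDROID_NS + "permission") == ACCESSIBILITY_PERM:
            found["accessibility"] = 4
    return {
        "package": root.get("package"),
        "indicators": sorted(found),
        "score": sum(found.values()),
        # Overlay plus accessibility together is the banking-trojan pattern above.
        "overlay_with_accessibility": "overlay" in found and "accessibility" in found,
    }


# Constructed sample: a "Chrome" lookalike declaring the ERMAC-style capabilities.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakechrome">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.PACKAGE_USAGE_STATS"/>
  <application android:label="Chrome">
    <service android:name=".A11yService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""
```

A manifest decoded with apktool or aapt2 can be passed straight to `assess_manifest`; a high score does not prove maliciousness, but an app that presents itself as a browser while declaring this combination deserves a closer look.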
Many Android banking Trojans also feature a Remote Access Trojan (RAT) component, but, thankfully, this one does not. However, it is still an exceptionally dangerous threat, which is likely to become more common in the future. Android users should protect themselves from the ERMAC Trojan by using up-to-date anti-malware tools and only installing software from verified sources.