ERMAC 2.0 Android Trojan

ERMAC 2.0 is an Android banking trojan that seems to be primarily targeting European users.

The malware is being sold on the dark web under a malware-as-a-service model at a rate of $5000 per month, a pretty steep subscription fee considering what even some strains of ransomware are going for under a similar model.

ERMAC 2.0 is distributed to victims disguised as an Android application for the Bolt Food delivery service. Bolt Food does have a legitimate app listed on the Google Play Store, so users who want it, and who are not fazed by its low rating of under 3 out of 5, can get it from the official Android storefront.

ERMAC 2.0 can perform a number of malicious tasks on the target device, including taking full control of incoming and outgoing SMS, forwarding calls, recording virtual keyboard keystrokes and blocking mobile antivirus software so that it can work uninterrupted.

The malware can also change its app icon and name to dodge manual detection and removal, and it has a persistence mechanism.

May 25, 2022