Hook Mobile Banking Trojan is a Successor of Ermac

android malware

The latest Android banking trojan, Hook, has been released by the same threat actor behind BlackRock and ERMAC. It is being advertised for rent at a cost of $7,000 per month and offers all the capabilities of its predecessor as well as new features such as remote access tooling (RAT) capabilities.

Hook targets financial apps in countries such as the U.S., Spain, Australia, Poland, Canada, Turkey, the U.K., France, Italy and Portugal. It is based on another trojan called Cerberus, which had its source code leaked in 2020, and was first disclosed in September 2021.

Like other Android malware of its kind, Hook abuses Android's accessibility services APIs to conduct overlay attacks and harvest sensitive information such as contacts, call logs, keystrokes and two-factor authentication (2FA) tokens. It also masquerades as Google Chrome to trick users into downloading it.

Among the features added to Hook are the ability to remotely view and interact with the screen of an infected device, obtain files, extract seed phrases from crypto wallets and track phone location, capabilities that blur the line between spyware and banking malware.

Hook is a sophisticated piece of malware that can carry out a full fraud chain, from exfiltration to transaction, including all the intermediate steps, without the need for additional channels. It is capable of bypassing two-factor authentication and other security measures, making it a dangerous threat to users' financial information. Furthermore, its ability to remotely view and interact with the screen of an infected device makes it a powerful tool for cybercriminals.

To protect against Hook and other mobile malware, users should be aware of the risks associated with downloading apps from untrusted sources. They should also ensure that their devices are running the latest version of Android and have all security patches applied. Additionally, they should use a reputable antivirus solution to scan for malicious software and regularly back up their data in case of an attack. Finally, users should be wary of any suspicious emails or messages that may contain malicious links.

What are Android banking trojans similar to Hook and what tactics can they use to steal your accounts?

Android banking trojans are malicious software designed to steal financial information from users. These trojans are similar to Hook in that they use a variety of tactics to gain access to user accounts and sensitive data. Common tactics used by these trojans include phishing, overlay attacks, keylogging, and credential harvesting.

Phishing is a technique used by attackers to trick users into providing their personal information or credentials through deceptive emails or messages. Overlay attacks involve displaying an overlay window on top of legitimate apps, such as banking apps, in order to harvest user credentials when they enter them into the fake window. Keylogging involves recording every keystroke made on the device in order to capture passwords and other sensitive information. Credential harvesting involves stealing login credentials from web browsers or other applications stored on the device.

These tactics can be used together or separately in order to gain access to user accounts and steal financial information. It is important for users to be aware of these tactics and take steps to protect themselves against them, such as using strong passwords, avoiding suspicious links or emails, and using reputable antivirus software.

What are overlay attacks in mobile trojans?

Overlay attacks are a type of attack used by mobile trojans to steal user credentials. This technique involves displaying an overlay window on top of legitimate apps, such as banking apps, in order to harvest user credentials when they enter them into the fake window. The overlay window is designed to look like the legitimate app and can be difficult for users to distinguish from the real one. Once the user enters their credentials into the fake window, the attacker can then use them to gain access to their accounts and steal financial information.
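As an added defender-side example (not code from this article or from any published analysis of Hook), the Python script below triages a decompiled AndroidManifest.xml for the combination the article describes: an accessibility service declaration, the overlay permission, and a label that imitates Chrome without Google's package name. The sample manifest, its package name and its service name are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
OVERLAY_PERM = "android.permission.SYSTEM_ALERT_WINDOW"
A11Y_PERM = "android.permission.BIND_ACCESSIBILITY_SERVICE"
A11Y_ACTION = "android.accessibilityservice.AccessibilityService"
CHROME_PKG = "com.android.chrome"  # the genuine Chrome package name

# Constructed sample manifest (not a real Hook sample): a Chrome lookalike
# that declares an accessibility service and requests the overlay permission.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.chrome.update">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application android:label="Chrome">
    <service android:name=".A11yService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

def android_attr(element, name):
    """Read an android:-namespaced attribute, or "" if it is absent."""
    return element.get("{%s}%s" % (ANDROID_NS, name), "")

def triage_manifest(xml_text):
    """Flag the capability combination that overlay-based trojans rely on."""
    root = ET.fromstring(xml_text)
    perms = {android_attr(p, "name") for p in root.iter("uses-permission")}
    # An accessibility service is exposed either through the BIND_* permission
    # on the <service> element or through the AccessibilityService intent action.
    has_a11y = any(
        android_attr(svc, "permission") == A11Y_PERM
        or any(android_attr(a, "name") == A11Y_ACTION for a in svc.iter("action"))
        for svc in root.iter("service"))
    app = root.find("application")
    label = android_attr(app, "label") if app is not None else ""
    package = root.get("package", "")
    findings = {
        "package": package,
        "overlay_permission": OVERLAY_PERM in perms,
        "accessibility_service": has_a11y,
        # Label says Chrome but the package is not Google's: impersonation.
        "chrome_lookalike": "chrome" in label.lower() and package != CHROME_PKG,
    }
    findings["suspicious"] = has_a11y and findings["overlay_permission"]
    return findings
```

Run it over manifests pulled from an APK with apktool or a similar decompiler; a hit on all three findings is a strong triage signal, not proof of maliciousness, since legitimate accessibility tools also request these capabilities.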

To protect against overlay attacks, users should be aware of any suspicious windows that appear on their device and avoid entering any sensitive information into them. Additionally, they should ensure that their devices are running the latest version of Android and have all security patches applied. Finally, they should use a reputable antivirus solution to scan for malicious software and regularly back up their data in case of an attack.

January 23, 2023