Hydra Banking Trojan

Hydra is the name of a newly discovered strain of banking trojan malware that was distributed for a time on the Google Play Store, disguised as a "document manager" app.

The Hydra trojan has now been taken down from the official Android Play Store by Google, but this happened only after around 10,000 users downloaded the malicious app. The malware was originally put up on the Play Store on May 30 and lasted nearly two weeks there, being taken down on June 9.

Hydra was used to target European users who use the services of Commerzbank - one of the biggest banking institutions in Germany.

The threat actors behind the Hydra banking trojan did not put all their eggs in the Play Store basket and used other distribution methods as well. Even though Google has taken down the malicious app from its storefront, researchers report that the Hydra malware is still available for download, posing as the same fake document manager app, on at least two different APK repositories.

Downloading and installing apps from anywhere other than the curated Google and Apple stores, regardless of the mobile platform you are using, is always asking for trouble and is highly inadvisable.

June 16, 2022