The threat actor behind the BlackRock and ERMAC Android banking trojans has unleashed yet another piece of malware for rent, called Hook, that introduces new capabilities to access files stored on the device and to create a remote interactive session.

ThreatFabric, in a report shared with The Hacker News, characterized Hook as a novel ERMAC fork that’s advertised for sale for $7,000 per month while featuring “all the capabilities of its predecessor.”

“In addition, it also adds to its arsenal Remote Access Tooling (RAT) capabilities, joining the ranks of families such as Octo and Hydra, which are capable of performing a full Device Take Over (DTO), and complete a full fraud chain, from PII exfiltration to transaction, with all the intermediate steps, without the need of additional channels,” the Dutch cybersecurity firm said.

A majority of the financial apps targeted by the malware are located in the U.S., Spain, Australia, Poland, Canada, Turkey, the U.K., France, Italy, and Portugal.

Hook is the handiwork of a threat actor known as DukeEugene and represents the latest evolution of ERMAC, which was first disclosed in September 2021 and is based on another trojan named Cerberus that had its source code leaked in 2020.
