The operators behind the BlackRock mobile malware have surfaced back with a new Android banking trojan called ERMAC that targets Poland and has its roots in the infamous Cerberus malware, according to the latest research.
“The new trojan already has active distribution campaigns and is targeting 378 banking and wallet apps with overlays,” ThreatFabric’s CEO Cengiz Han Sahin said in an emailed statement. First campaigns involving ERMAC are believed to have begun in late August under the guise of the Google Chrome app.
Since then, the attacks have expanded to include a range of apps such as banking, media players, delivery services, government applications, and antivirus solutions like McAfee.
Almost fully based on the notorious banking trojan Cerberus, the Dutch cybersecurity firm’s findings come from forum posts made by an actor named DukeEugene last month on August 17, inviting prospective customers to “rent a new android botnet with wide functionality to a narrow circle of people” for $3,000 a month.
DukeEugene is also known as the actor behind the BlackRock campaign that came to light in July 2020. Featuring an array of data theft capabilities, the infostealer and keylogger originate from another banking strain called Xerxes — which itself is a strain of the LokiBot Android banking Trojan — with the malware’s source code made public by its author around May 2019.
images from Hacker News