Dangerous new malware targeting Android devices has been discovered by cybersecurity experts.
In 2021, researchers discovered a malware called ERMAC that was attacking Android devices.
Now, ESET cybersecurity experts have discovered that a new version of the banking Trojan (called ERMAC 2.0) is active.
The malware targets Android devices via 467 apps that steal user credentials and banking information.
According to cybersecurity experts, ERMAC 2.0 does this by impersonating a popular real app.
Cyble Research Labs also found that attackers could rent the malware for a high monthly fee of $5,000.
Officially discovered in August 2021, ERMAC 1.0 used 378 apps and was rented for $3,000 per month.
“We have confirmed that ERMAC 2.0 is being delivered through a fake site,” Cyble Labs said in a blog post.
Experts added that ERMAC 2.0 will extend to fake browser update sites.
How does it work?
When someone installs ERMAC 2.0 via a malicious app, the malware requests as many as 43 permissions on the device.
Given these privileges, a malicious attacker could gain complete control of the victim’s device.
Other permissions can give the hacker SMS access, contact access, system alert window creation, voice recording, or full storage read and write access.
With certain permissions, the malware can also create a list of apps installed on the victim’s device and share that data with the hacker’s C2 server, according to Tech Radar.
This can lead to complex phishing schemes that collect user data each time the victim tries to log on to an affected app.
The phishing pages used to fool victims include banking applications such as Bitbank in Japan, IDBI Bank in India, Large Bank in Australia, and Santander Bank based in Boston, according to Telephone Arena.
How to protect yourself
Some restrictions imposed on the abuse of accessibility services protect devices running Android 11 and 12, according to Bleeping Computer.
However, users are advised not to download apps from outside Google’s Play Store.
Even if the app is on Google’s Play Store, users still need to pay attention to its legitimacy.
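One way to check an app against the permission groups described above, as an added example that is not from the original story or from the researchers it cites: the Python sketch below reads a decoded AndroidManifest.xml and reports which of those groups it requests and whether it declares an accessibility service. The group names, the four-group threshold and the sample manifest are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Permission groups named in the article, mapped to Android permission names.
# The grouping itself is an assumption made for this example.
RISK_GROUPS = {
    "sms": {P + "READ_SMS", P + "RECEIVE_SMS", P + "SEND_SMS"},
    "contacts": {P + "READ_CONTACTS"},
    "overlay": {P + "SYSTEM_ALERT_WINDOW"},
    "audio": {P + "RECORD_AUDIO"},
    "storage": {P + "READ_EXTERNAL_STORAGE", P + "WRITE_EXTERNAL_STORAGE"},
    "app_list": {P + "QUERY_ALL_PACKAGES"},  # only required on Android 11+
}

def triage_manifest(manifest_xml, min_groups=4):
    """Report which risky permission groups a decoded manifest requests."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(ANDROID_NS + "name", "")
                 for el in root.iter()
                 if el.tag in ("uses-permission", "uses-permission-sdk-23")}
    requested.discard("")
    groups = sorted(g for g, perms in RISK_GROUPS.items() if perms & requested)
    # An accessibility service is declared on a <service>, not via uses-permission.
    accessibility = any(
        s.get(ANDROID_NS + "permission") == P + "BIND_ACCESSIBILITY_SERVICE"
        for s in root.iter("service"))
    return {
        "permission_count": len(requested),
        "groups": groups,
        "accessibility_service": accessibility,
        # min_groups is an arbitrary threshold chosen for this example.
        "suspicious": accessibility and len(groups) >= min_groups,
    }

# Constructed sample: a "browser update" app asking for far more than a browser needs.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.update">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <application><service android:name=".Svc" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/></application>
</manifest>"""

if __name__ == "__main__":
    print(triage_manifest(SAMPLE))
```

A flagged result is a prompt for closer review, not proof of malware, since legitimate apps can request several of these permissions.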
This story originally appeared in the Sun and is duplicated here with permission.