
Hackers paying $5K/month to gain access to 467 Android apps to steal banking info

by admin

ESET cybersecurity researchers have discovered a new version of the 2021 Android banking Trojan ERMAC. It targets 467 apps to steal credentials and hard-earned money.

ERMAC 2.0 aims to steal victim credentials for financial and crypto apps, and does so by impersonating the app.
Further investigation by Cyble Research Labs revealed that malicious actors can rent it for $5,000 per month. ERMAC 1.0, which targeted 378 apps, was rented for $3,000 per month, so the higher price reflects the new version.

The malware is spreading through fake websites. For example, a fake version of the site of Bolt Food, a well-known food delivery platform in Europe, was created for Polish users.

It is also distributed through fraudulent browser update sites.

When a user falls for the lure and downloads the malicious app, it requests as many as 43 permissions, including reading from external storage and reading text messages, and demands that accessibility services be turned on. If this is allowed, it starts misusing the service by enabling overlay activity and granting permissions.
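The permission pattern described above can be checked before an unknown APK is installed. The following is an added example (not code from ESET, Cyble or the original article) that triages a decoded `AndroidManifest.xml`; the sample manifests, package names and the 30-permission threshold are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Permissions the article names: reading text messages and external storage.
NAMED_PERMS = {"android.permission.READ_SMS",
               "android.permission.READ_EXTERNAL_STORAGE"}
BIND_A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"
MANY_PERMS = 30  # assumed threshold; the article reports 43 for ERMAC 2.0

# Constructed sample manifests (decoded XML form), not taken from real apps.
SAMPLE_SUSPICIOUS = """<manifest package="com.example.fakedelivery"
    xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><service android:name=".Helper"
      android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application></manifest>"""
SAMPLE_BENIGN = """<manifest package="com.example.notes"
    xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <application/></manifest>"""


def triage_manifest(manifest_xml, many_perms=MANY_PERMS):
    """Report the permission pattern from the article in one manifest."""
    root = ET.fromstring(manifest_xml)
    perms = {el.get(ANDROID + "name") for el in root.iter()
             if el.tag in ("uses-permission", "uses-permission-sdk-23")}
    perms.discard(None)
    # A service guarded by BIND_ACCESSIBILITY_SERVICE is an accessibility
    # service that the app will ask the user to switch on.
    a11y = [s.get(ANDROID + "name") or "?" for s in root.iter("service")
            if s.get(ANDROID + "permission") == BIND_A11Y]
    findings = ["accessibility service: " + name for name in a11y]
    findings += ["requests " + p for p in sorted(NAMED_PERMS & perms)]
    if len(perms) >= many_perms:
        findings.append(f"requests {len(perms)} permissions")
    # Escalate only on the combination: accessibility plus SMS/storage access.
    suspicious = bool(a11y) and bool(NAMED_PERMS & perms)
    return {"package": root.get("package"), "permission_count": len(perms),
            "findings": findings, "suspicious": suspicious}


if __name__ == "__main__":
    for sample in (SAMPLE_SUSPICIOUS, SAMPLE_BENIGN):
        print(triage_manifest(sample))
```

The input is the text form of the manifest, so a binary manifest pulled straight from an APK has to be decoded first.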

The malware then sends a list of apps installed on the victim’s Android device to the command and control server. It then receives a response, which it uses to carefully overlay the legitimate app and gain access to sensitive data and authentication information. The Indian crypto app Unocoin was one of the apps targeted this way.

The malware then stores the HTML phishing page on the device. When the victim opens the targeted real app, the phishing page is displayed instead, and the credentials entered are stolen and sent back to the command and control server.

Hackers then use the information they collect to steal cryptocurrencies from your account.

The report also includes some of the phishing pages used to trick victims, which imitate the banking applications of well-known organizations, including Bitbank in Japan, IDBI Bank in India, Greater Bank in Australia, and Santander Bank based in Boston.

Cyble points out that ERMAC is based on a well-known malware called Cerberus and warns that the people behind ERMAC 2.0 will continue to create new, extended versions.

Bleeping Computer notes that phones running Android 11 and 12 don’t have to worry too much, thanks to the restrictions placed on the abuse of accessibility services, but still advises users not to download apps from outside Google’s Play Store. Perhaps Apple has a point after all when it talks about not allowing sideloading?
