A group of hackers, known for creating the BlackRock and ERMAC Android banking trojans, has released another malware named Hook. Hook can be rented for $7,000 per month and has new abilities to access files on an infected device and create a remote interactive session. ThreatFabric, a cybersecurity firm, has described Hook as a new version of the ERMAC malware that includes all the capabilities of the previous version.
Additionally, Hook has Remote Access Tooling (RAT) capabilities, making it similar to other malware such as Octo and Hydra, which can take over a device and complete an entire fraud chain, from personal-information exfiltration to transactions, without the need for additional channels.
Hook malware primarily targets financial applications in the US, Spain, Australia, Poland, Canada, Turkey, the UK, France, Italy, and Portugal. The malware was created by a cybercriminal group known as DukeEugene, and it’s the latest version of the ERMAC malware, which was first reported in September 2021. ERMAC is based on another trojan named Cerberus, whose source code was leaked in 2020.
According to ThreatFabric researcher Dario Durando, ERMAC is less advanced than Hydra and Octo in terms of capabilities and features, and this is common knowledge among cybercriminals, who prefer those two families over ERMAC.
The lack of Remote Access Tooling (RAT) capabilities is a significant shortcoming for a modern Android banker, as it does not allow Device Take Over (DTO), a fraud method that is more likely to succeed and to go undetected by fraud-scoring engines or analysts. This is likely the reason why this new malware variant was developed.
Like other similar Android malware, Hook also abuses Android’s accessibility services APIs to conduct overlay attacks and collect sensitive information such as contacts, call logs, keystrokes, two-factor authentication tokens, and even WhatsApp messages.
Due to the increase in cybercrimes, your organization must have an enhanced cybersecurity solution to confront such types of malware and cyberattacks. CyberArrow GRC allows companies to automate risk assessments and threat monitoring to detect and eliminate such types of cyberattacks. CyberArrow GRC can be implemented by any type of organization all over the world.
Automate risk assessments and threat monitoring with CyberArrow. Schedule a free demo now!