Great Moto G Stylus deal on Amazon!

Hackers paying $5K/month to gain access to 467 Android apps to steal banking info

By
1comment
Android
This Android banking malware is so potent bad actors are paying $5K/month for it
ESET cybersecurity researchers have discovered a new version of 2021's Android Banking Trojan ERMAC that is targeting 467 apps for stealing credentials and rob you of your hard-earned money.


ERMAC 2.0 aims to steal victims’ credentials for financial and cryptocurrency apps and it does so by impersonating apps.

Cyble Research Labs probed further and found that bad actors can rent it for a monthly fee of $5,000. It's worth mentioning that ERMAC 1.0, which targeted 378 apps, was being rented out for $3,000 a month, so the new high fee reflects the increased potential of the new version.

The malware is being spread through fake websites. For instance, a fake version of Bolt Food's site, which is a famous food delivery platform in Europe, has been created to target Polish users.

It's also being distributed through scammy browser update sites. 


Once a user falls prey and downloads a fraudulent app, it asks for as many as 43 permissions, such as allowing it to read from external storage and letting it read text messages, and also asks the user to turn on the Accessibility Service. When that's granted, it starts misusing services by enabling overlay activity and granting permissions.

The malware then sends a list of apps installed on the victim's Android device to the Command and Control server. It then receives a response with the help of which it discreetly overlays legitimate apps and gains access to sensitive data and dangerous authorizations. India's crypto app Unocoin was amongst the apps targeted this way. 

Recommended Stories
The malware then stores an HTML phishing page on the device and when the victim uses the targeted genuine app, the phishing page is displayed instead to steal credentials, which are then sent back to the Command and Control server. 

The hacker then uses the harvested information to steal cryptocurrency from the user's account.

The report also mentions some of the phishing pages that are being used to trick the victims and includes banking applications of several well-known organizations such as Japan's bitbank, India's IDBI Bank, Australia's Greater Bank, and Boston-based Santander Bank.

Banking applications targeted by ERMAC 2.0 - Hackers paying $5K/month to gain access to 467 Android apps to steal banking info
Banking applications targeted by ERMAC 2.0

Cyble notes that ERMAC is based on a well-known malware called Cerberus and cautions that the people behind ERMAC 2.0 will continue to make new versions with enhanced capabilities. 
 
BleepingComputer says that thanks to the restrictions placed on Accessibility Service abuse, phones running Android 11 and 12 don't have much to worry about, but still advises users to avoid downloading apps from outside Google's Play Store, especially those that don't seem legitimate. Perhaps Apple has a point after all when it talks about not allowing sideloading?

If you don't want to leave your security to chance, you can use a service like ExpressVPN.
https://m-cdn.phonearena.com/images/users/270-200/Anam.jpg
Anam Hamid Mobile Tech News and Deals Journalist
Anam Hamid is a computer scientist turned tech journalist who has a keen interest in the tech world, with a particular focus on smartphones and tablets. She has previously written for Android Headlines and has also been a ghostwriter for several tech and car publications. Anam is not a tech hoarder and believes in using her gadgets for as long as possible. She is concerned about smartphone addiction and its impact on future generations, but she also appreciates the convenience that phones have brought into our lives. Anam is excited about technological advancements like folding screens and under-display sensors, and she often wonders about the future of technology. She values the overall experience of a device more than its individual specs and admires companies that deliver durable, high-quality products. In her free time, Anam enjoys reading, scrolling through Reddit and Instagram, and occasionally refreshing her programming skills through tutorials.

Recommended Stories

Loading Comments...

Popular stories

Apple warns iPhone users about overnight iPhone charging
Apple warns iPhone users about overnight iPhone charging
Next time you contact T-Mobile, you'll probably be assisted by an employee with 'superpowers'
Next time you contact T-Mobile, you'll probably be assisted by an employee with 'superpowers'
Verizon customers need to be on red alert as a phishing campaign aims to steal their money
Verizon customers need to be on red alert as a phishing campaign aims to steal their money
Samsung's killer Galaxy Watch 6 Classic trade-in deal comes just in time for Mother's Day
Samsung's killer Galaxy Watch 6 Classic trade-in deal comes just in time for Mother's Day
T-Mobile is now going to dictate where you can use its 5G internet
T-Mobile is now going to dictate where you can use its 5G internet
Why in the world would I pay top dollar for the Galaxy S24 Ultra if it gets left behind by Samsung?
Why in the world would I pay top dollar for the Galaxy S24 Ultra if it gets left behind by Samsung?

Latest News

The way you handle your iPhone apps could be hurting battery life and performance
The way you handle your iPhone apps could be hurting battery life and performance
HTC could launch another mid-range smartphone this summer
HTC could launch another mid-range smartphone this summer
Keyboard apps used by one billion users found to have a flaw that exposes keystrokes
Keyboard apps used by one billion users found to have a flaw that exposes keystrokes
Major leak reveals images, video, release date of Apple's new Beats Solo Buds and Beats Solo 4
Major leak reveals images, video, release date of Apple's new Beats Solo Buds and Beats Solo 4
OnePlus Nord 4 and Nord CE4 Lite key specs leaked
OnePlus Nord 4 and Nord CE4 Lite key specs leaked
Apple removes three apps from App Store that claimed in ads they could create AI porn
Apple removes three apps from App Store that claimed in ads they could create AI porn
FCC OKs Cingular\'s purchase of AT&T Wireless