Warning Issued Against New Android Malware That Hunts User Passwords From Over 500 Different Apps

A highly dangerous Android banking trojan has recently been updated, and the new version is being called out as not only more notorious but also far more expensive.

The new reports come from researchers at the cybersecurity firms Cyble and ESET, who have recently shed light on ERMAC 2.0. The new version was seen being advertised on the dark web, and the pricing was steep.

Think monthly subscriptions that go as high as $5000, compared with $3000 a month for the older version.

And while you might assume that the new price tag has something to do with inflation, it is actually related to the number of features on offer. That includes hunting down sensitive user details, such as login credentials and other sensitive information, from more than 467 apps. Previously, this number was just 378, and it is rising over time, an alarming trend that many are noticing.

But what exactly happens when a user installs such an app? For starters, the malware asks for permission to use Android's accessibility service. That is what gives it thorough control over a user's device.

Researchers point out that the trojan makes 43 different permission requests, such as access to SMS, control over a user's contacts, creation of system alerts, recording of audio, write access, and complete access to a device's storage.

Once it has those permissions, the app can mimic a number of other applications, so the user is unaware of what is really going on. This is what makes it so easy to steal passwords.

With the permissions it needs, the trojan scans the device to see which apps are installed, and this list is then relayed to the attacker's command-and-control (C2) server.

The server responds with injection modules, which are HTML pages sent in encrypted form. The trojan then decrypts the response and stores the file under a specific filename.

Whenever the user launches another app on the device, a phishing page pops up in turn and harvests all the details.
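
A defender-side check for the permission profile described above, as an added example that is not from the original article or the researchers' reports: it reads a decoded AndroidManifest.xml (for instance as produced by apktool) and flags an app that declares an accessibility service together with several of the listed capabilities. The permission grouping, the threshold and both sample manifests are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
BIND_A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Assumed mapping of the capabilities named in the article to Android permissions.
RISKY = {
    "sms": {"READ_SMS", "RECEIVE_SMS", "SEND_SMS"},
    "contacts": {"READ_CONTACTS", "WRITE_CONTACTS"},
    "system_alerts": {"SYSTEM_ALERT_WINDOW"},
    "audio": {"RECORD_AUDIO"},
    "storage": {"READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"},
}

def audit_manifest(xml_text):
    """Summarise risky permission groups in a decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    requested = {el.get(ANDROID_NS + "name", "").rsplit(".", 1)[-1]
                 for el in root.iter("uses-permission")}
    groups = sorted(g for g, perms in RISKY.items() if perms & requested)
    # An accessibility service is declared as a <service> guarded by BIND_A11Y.
    accessibility = any(s.get(ANDROID_NS + "permission") == BIND_A11Y
                        for s in root.iter("service"))
    return {
        "accessibility_service": accessibility,
        "risky_groups": groups,
        # Heuristic threshold (assumption): accessibility plus 3+ risky groups.
        "suspicious": accessibility and len(groups) >= 3,
    }

# Constructed sample manifests, not taken from any real app.
_NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
SAMPLE_SUSPICIOUS = f"""<manifest {_NS} package="com.example.delivery">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <application><service android:name=".Helper"
      android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/></application>
</manifest>"""
SAMPLE_BENIGN = f"""<manifest {_NS} package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
</manifest>"""

if __name__ == "__main__":
    for label, doc in (("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)):
        print(label, audit_manifest(doc))
```

A match is a prompt for closer review, not a verdict: legitimate accessibility tools also declare an accessibility service.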

This isn't the first time that we've heard of ERMAC 2.0. Previously, a threat actor was seen impersonating a food delivery app to launch attacks against users in Poland.

