A dangerous new malware targeting Android devices has been uncovered by cyber security experts.
In 2021, researchers discovered a malware named ERMAC that was attacking Android devices.
Now, cybersecurity experts at ESET have discovered that a new version of the banking trojan – called ERMAC 2.0 – is active.
The malware targets Android devices through 467 apps that steal users’ credentials and bank information.
According to cyber security experts, ERMAC 2.0 does this by impersonating popular and genuine apps.
Cyble Research Labs also found that threat actors could rent malware for a hefty monthly fee of $5,000.
ERMAC 1.0, which was officially discovered in August 2021, used 378 apps and was being rented for $3,000 a month.
“We have noticed that ERMAC 2.0 is being distributed through fake sites,” Cyble Labs noted in a blog post.
Experts said that EMRAC 2.0 also spreads through fake browser update sites.
How does this work?
Once someone installs ERMAC 2.0 through a fraudulent app, the malware requests 43 permissions from their device.
These permissions, if granted, could enable bad actors to take full control of the victim’s device.
Other permissions hackers can gain include SMS access, contact access, system alert window creation, audio recording, or full storage read and write access.
According to Tech Radar, certain permissions can also create a list of apps installed on the victim’s device and share that data with the hacker’s C2 servers.
This can result in a complex phishing scheme that harvests a user’s data when they try to log in to the affected app.
Some of the phishing pages being used to mislead victims include banking applications such as Bitbank of Japan, IDBI Bank of India, Greater Bank of Australia and Boston-based Santander Bank, per Phone Arena.
how to protect yourself
According to BleepingComputer, several restrictions placed on abuse of the accessibility service protect devices running Android 11 and 12.
However, users are still advised to avoid downloading apps from outside Google’s Play Store.
Even if an app is on Google’s Play Store, users should be cautious about its legality.