1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • This Android malware targets passwords from almost 500 apps

    From TechnologyDaily@1337:1/100 to All on Thu May 26 16:45:04 2022
    This Android malware targets passwords from almost 500 apps

    Date:
    Thu, 26 May 2022 15:24:43 +0000

    Description:
    ERMAC Version 2.0 Android malware comes with new features, but also a bigger monthly fee for hackers.

    FULL STORY ======================================================================

    An infamous Android banking trojan has gotten a major update, growing more dangerous - but also more expensive.

    Cybersecurity researchers from Cyble and ESET recently discovered version 2.0 of ERMAC being advertised on the dark web, for a monthly subscription rate of $5,000 (up from $3,000 a month for the earlier version).

    The spike in subscription cost is not just due to inflation - its also due to version 2.0 coming with a lot more features. It is now capable of stealing login information and other sensitive data from 467 applications, up from the previous 378.

    Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022 . Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/10.99. Overlaying legit apps

    When a victim installs ERMAC on its endpoint, the malware requests
    permissions to the Accessibility Service, which give it complete control over the device. Researchers have found that the trojan grants itself 43 permissions, including SMS access, contact access, system alert window creation, audio recording, and full storage read and write access.

    After that, its able to mimic different apps and steal sensitive data . Once it gets the necessary permissions, it scans the device for apps installed,
    and sends the data over to its C2 server. The server then responds with injection modules in encrypted HTML form, which the trojan decrypts and
    places into the Shared Preference file under setting.xml filename. When the victim tries to launch an app, the trojan will instead launch a phishing page over the actual apps interface, thus harvesting the data.

    Researchers have already spotted ERMAC 2.0 in the wild, as well. An unknown threat actor tried to impersonate the Bold Food application (a food delivery service in Europe) and attack consumers in Poland. Read more

    This dangerous new Android trojan can hijack your Facebook account


    This nasty Android trojan tricks you with a fake Google Play Store page


    Beware, this new Android banking malware could hijack your phone

    A fake Bolt Food website was brought up (defunct at press time), which was most likely advertised through social media and phishing emails.

    Fake apps are a common weapon in cybercriminals arsenal, which is why its important to only download apps from a known, legitimate source. Prevent malware from wreaking havoc with the best antivirus solutions around

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/this-android-malware-targets-passwords-from-alm ost-500-apps/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)