Hook: New Android Banking Trojan That Expands on ERMAC's Legacy
Sep 18, 2023
Mobile Security / Banking Trojan
A new analysis of the Android banking trojan known as Hook has revealed that it is based on its predecessor, ERMAC. "The ERMAC source code was used as a base for Hook," NCC Group security researchers Joshua Kamp and Alberto Segura said in a technical analysis published last week. "All commands (30 in total) that the malware operator can send to a device infected with ERMAC malware, also exist in Hook. The code implementation for these commands is nearly identical."

Hook was first documented by ThreatFabric in January 2023, which described it as an "ERMAC fork" that's offered for sale for $7,000 per month. Both strains are the work of a malware author called DukeEugene.

That said, Hook expands on ERMAC's functionality, supporting as many as 38 additional commands compared to the latter. ERMAC's core features are designed to send SMS messages, display a phishing window on top of a legitimate app, e...