Spain
Portugal
The new Hook Banking Trojan for just $5,000 a month opens up the possibility for attackers to steal accounts from more than 450 Internet banking applications and crypto wallets.
The authors of the BlackRock and ERMAC banking Trojans have rolled out an updated, or rather a completely new malware, sharpened for attacks on owners of Android mobile devices.
The malware is equipped with interesting features that allow you to access files stored on the device, as well as remotely monitor the victim's smartphone in real time using VNC.
The find was discovered by experts from ThreatFabric, who believe that Hook is a fork of ERMAC.
In their report, the researchers note that Hook implements the functionality of a remote access Trojan and it can be compared with such families of malicious software as Octo and Hydra. The Trojan extracts and transmits personal data of users to operators.
The malware impresses with an abundance of banking applications, but it is based on credit institutions in the USA, Spain, Australia, Poland, Canada, Turkey, Great Britain, France, Italy and Portugal.
Hook is attributed to the activities of a cybercrime group known as DukeEugene. Like other similar Remote access Trojans, malware uses the special capabilities of the Android system to overlay windows on top of legitimate applications.
If you are unlucky with Internet banking, the Trojan allows you to steal important data from the device such as contacts, call recordings, keystrokes, two-factor authentication tokens and even WhatsApp correspondence.
In addition to the above, malware is able to work as a file manager, allowing attackers to get a list of all files stored on the device and download certain files of their choice. From the highlight Hook is able to interact with the device display
Hook is currently distributed as a Google Chrome APK file under the package names "com.lojibiwawajinu.guna", "com.damariwonomiwi.docebi", "com.damariwonomiwi.docebi" and "com.yecomevusaso.pisifo", which may change at any time.
In order to avoid infection with malware for Android, researchers recommend installing applications from the Google Play Store, as well as official and trusted sources.
