August 17, 2022

A dangerous new malware that targets Android devices has been uncovered by cybersecurity experts.

In 2021, researchers discovered a malware designated ERMAC that was attacking Android devices.

Now, cybersecurity experts from ESET have found that a new version of the Banking trojan – dubbed ERMAC 2.0 – is active.

The malware targets Android devices via 467 apps that steal users’ credentials and bank information.

ERMAC 2.0 does this by impersonating popular and genuine apps, according to cybersecurity experts.

Cyble Research Labs also found that threat actors can rent the malware for a hefty monthly fee of $5,000.

ERMAC 1.0, which was discovered officially in August 2021, utilized 378 apps and was being rented for $3,000 a month.

“We have observed that the ERMAC 2.0 is being delivered through fake sites,” Cyble Labs noted in a blog post.

The experts added that EMRAC 2.0 also spreads through fake browser update sites.

How does it work?

Once someone installs ERMAC 2.0 via a fraudulent app, the malware requests as many as 43 permissions from their device.

These permissions, if granted, may enable the bad actors to take full control of a victim’s device.

Other permissions can get the hackers SMS access, contact access, system alert window creation, audio recording, or full storage read and write access.

ERMAC 2.0 impersonates popular and genuine apps, according to cybersecurity experts.
Getty Images/iStockphoto

Certain permissions can also create a list of apps installed on the victim’s device and share that data with the hacker’s C2 server, according to Tech Radar.

This can result in a complex phishing scheme that harvests the user’s data whenever they try to log onto the affected app.

Some phishing pages being used to trick the victims include banking applications such as Japan’s bitbank, India’s IDBI Bank, Australia’s Greater Bank, and Boston-based Santander Bank, per Phone Arena.

See also  NASA reveals behind the scenes look at huge asteroid probing spacecraft

How to protect yourself

Several restrictions placed on Accessibility Service abuse protect devices running Android 11 and 12, according to BleepingComputer.

However, users are still advised to avoid downloading apps from outside Google’s Play Store.

Even if an app is on Google’s Play Store, users should remain vigilant about its legitimacy.

This story originally appeared on The Sun and was reproduced here with permission.