The news is by your side.

WARNING: Dangerous Banking Malware Is Back, Accessing 467 Apps

September 4, 2021, Brazil. The Android logo displayed on a smartphone with a malware alert in the background in this photo illustration

If you are an Android phone user then this news is for you and you need to pay attention to all the information mentioned in it. Your slight carelessness can cost you dearly. According to the report, the Android banking trojan ERMAC is back. In its 2.0 incarnation, this Trojan can access up to 467 apps to steal credentials.

The new version of ERMAC has access to 467 apps, the report said. Through this, it steals the credentials associated with banking, finance and crypto apps and then hacks your deposits. According to media reports, Cybel Research Labs and ESET have seen ERMAC 2.0 on several underground forums. Let us tell you that the ERMAC Trojan was first found in August 2021. In the first version, it had access to 378 apps and its developers were charging ₹3000 or Rs 2.32 lakh per month for it, while its developers were charging up to Rs 3.5 lakh for its second version.

Hackers spread ERMAC 2.0 malware through legitimate websites. Siebel and ESET have seen the spread of malware by copying the website of Bolt Foods, a well-known food delivery platform in Poland. In addition, cybercriminals are resorting to fake browsers, browser updates, advertisements and informational websites to spread it.

This malware gets downloaded to your Android device when you click on fake browser updates or fake websites. This then enables you to activate the Accessibility service. Once permission is granted, the malware automatically enables overlay activity and auto-permission. ERMAC 2.0 sends a list of applications installed on the Trojan victim’s device to the server based on the application list. The identity card is stolen by selecting a particular app from here. The data is stolen and sent in encrypted form to the server, which is then used to withdraw cryptocurrency or money from your bank.

Comments are closed, but trackbacks and pingbacks are open.