Researchers at security firm ThreatFabric have warned users about a new Android malware that can remotely control their phones. Attackers can use the malware to steal data, including personally identifiable information (PII), and to conduct financial transactions. The new Android malware is called “Hook”.
The researchers found that Hook can be purchased on the dark web. The team states that Hook is essentially a banking Trojan and that it looks very similar to Ermac, another popular Trojan.
However, it does have some cool features like using VNC (Virtual Network Computing) to take over mobile devices. Hook also comes with WebSocket communication capabilities and uses a hardcoded AES-256-CBC key to encrypt traffic.
“This malware is advertised as ‘made from scratch’. This is debatable. Most of the code base remains Ermac’s, including the Russian-language commands that express needless anxiety about the world,” said the ThreatFabric report.
Hook can perform certain swipe gestures, take screenshots, simulate key presses, scroll, and simulate long press events. The malware can also act as a file manager app, which allows its operator to list all files present on the endpoint and extract the ones they deem of value.
“This type of manipulation is much harder to detect by fraud scoring engines and is a major selling point for Android bankers,” the team said. However, to reach its full potential, the malware requires Android's accessibility service permissions. If allowed, Hook can also abuse the ‘Access Fine Location’ permission, so the device's location can also be expected to be revealed.
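Because the malware depends on an enabled accessibility service, one defensive check is to list which packages have one and whether they also hold fine location. The sketch below is an added example, not code from ThreatFabric or the original article. It parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell dumpsys package <pkg>`; the sample output, the package `com.example.pdfviewer` and the allowlist are constructed for illustration.

```python
import re

FINE_LOCATION = "android.permission.ACCESS_FINE_LOCATION"

# Constructed sample of the `enabled_accessibility_services` secure setting:
# colon-separated component names (package/service class).
SAMPLE_ENABLED = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.pdfviewer/com.example.pdfviewer.CoreService"
)

# Constructed, trimmed `dumpsys package <pkg>` runtime-permission sections.
SAMPLE_DUMPSYS = {
    "com.google.android.marvin.talkback": """
      runtime permissions:
        android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET ]
    """,
    "com.example.pdfviewer": """
      runtime permissions:
        android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET ]
        android.permission.READ_SMS: granted=false, flags=[ ]
    """,
}

GRANTED = re.compile(r"^\s*(android\.permission\.\w+): granted=true", re.M)

def accessibility_packages(setting_value):
    """Packages that own at least one enabled accessibility service."""
    if not setting_value or setting_value.strip() == "null":
        return []  # the setting is unset when no service is enabled
    pkgs = []
    for component in setting_value.strip().split(":"):
        pkg = component.split("/", 1)[0].strip()
        if pkg and pkg not in pkgs:
            pkgs.append(pkg)
    return pkgs

def granted_permissions(dumpsys_text):
    """Permissions reported as granted=true in the dumpsys text."""
    return set(GRANTED.findall(dumpsys_text))

def audit(setting_value, dumpsys_by_pkg, allowlist=()):
    """Report non-allowlisted accessibility packages and their location grant."""
    findings = []
    for pkg in accessibility_packages(setting_value):
        if pkg in allowlist:
            continue
        perms = granted_permissions(dumpsys_by_pkg.get(pkg, ""))
        findings.append({"package": pkg, "fine_location": FINE_LOCATION in perms})
    return findings
```

Any package in the findings that is not a known assistive tool warrants review, and one that also holds fine location matches the permission combination described above.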