Cybersecurity experts warn of new Android malware that can hijack targeted endpoints. It can also be used to steal data, harvest personally identifiable information (PII), and conduct financial transactions.
Discovered by researchers at security firm ThreatFabric, the malware is called Hook and is available for purchase on the dark web.
In its report, the ThreatFabric team points out that Hook is essentially a banking Trojan. In terms of code, it appears to be very similar to another popular Trojan, Ermac, and shares many features with that notorious malware. However, it has some standout features, such as the use of VNC (Virtual Network Computing) to take over the mobile device. Hook also comes with WebSocket communication capabilities and uses a hardcoded AES-256-CBC key to encrypt traffic.
Unique features
Other notable features of Hook include performing certain swipe gestures, taking screenshots, simulating key presses, scrolling, and simulating long press events. Researchers further warned that the malware can also act as a file manager app, allowing its operators to list all files present on the endpoint and extract those they deem of value.
“This feature allows Hook to perform a complete DTO, allowing the malware family to complete the complete fraud chain from PII extraction to transaction using all intermediate steps without the need for additional channels. join the ranks of the world,” warns the team.
“This kind of manipulation is much harder for fraud scoring engines to detect and is a major selling point for Android bankers.”
As is often the case with Android malware, the user must grant accessibility service permissions for the malware to reach its full potential. Hook can also abuse the “Access Fine Location” permission, so users who grant it can also expect their location to be revealed.
Targets appear to be scattered around the world, with researchers finding compromised devices in the United States, United Kingdom, Spain, Poland, Portugal, Italy, France, Canada, Australia, and Turkey.
Via: BleepingComputer