The Android banking trojans Hook and ERMAC, created by DukeEugene, have similar code implementations and capabilities, including keystroke logging, overlay attacks, and credential theft from over 700 apps. Hook has additional functionality, such as device control and address replacement. The majority of their command-and-control servers are located in Russia. Separately, a China-nexus threat actor has been linked to an Android spyware campaign targeting South Korean users, and an Israeli spyware company called Insanet has developed a product called Sherlock that infects devices via online advertisements to collect sensitive data.