The threat actor believed to be behind the BlackRock malware has resurfaced with ERMAC, a new Android banking trojan built on the Cerberus code base.
“The new trojan already has active distribution campaigns and is targeting 378 banking and wallet apps with overlays,” ThreatFabric’s CEO Cengiz Han Sahin said in an emailed statement. (The Hacker News) The early samples were distributed disguised as the Google Chrome app.
The attackers have since reportedly broadened the set of legitimate apps the trojan impersonates, including banking, media player, antivirus and government applications.
ERMAC is attributed to the actor known as DukeEugene, who in August advertised a new Android botnet for rent at $3,000 per month. DukeEugene is also linked to BlackRock, a banker whose info-stealer and keylogger capabilities were taken from another strain.
Cerberus itself, a remote access trojan (RAT), had its source code leaked for free on underground hacking forums in September 2020 after an auction that sought $100,000 for the code failed to find a buyer.
Researchers also believe that DukeEugene has shifted operations from BlackRock to ERMAC. Although ERMAC and Cerberus are closely related, the newly discovered strain is notable for its use of obfuscation and a Blowfish encryption scheme to protect its communication with the command-and-control server.
ERMAC can steal contacts and text messages and can attack multiple financial apps at once through its overlays. In some cases it can also clear the cache of a targeted application and steal the accounts stored on the device.