A new malware, called “Hook”, is proving to be present in Android apps. Once inside the devices, he can remotely control the smartphone, using VNC (Virtual Network Computing) for real-time mastery.
Hook comes from the same creator as Ermac, Android banking trojan that stole credentials from over 467 banking and crypto apps. But the new malware was written from scratch, according to the creator, something denied by ThreatFabric researchers. After all, there are extensive code overlaps between the two malware families.
Researchers see this malware as an evolution of Ermac basically which makes it more dangerous. The VNC module is the main addition as it allows to perform any action on the infected device, from PII exfiltration to monetary transactions. Hook’s targeted banking apps impact users in the US, Spain, Australia, Poland, Canada, Turkey, the UK, France, Italy and Portugal, the source says, but the malware could be a global threat.
To be on the safe side, it’s important to install apps only from official sources. If looking at a third party, make sure it’s the legitimate app you’re downloading. The apps that end up being infected are usually easily recognizable (from the analysis of the design, low download count and few positive reviews), but this is not always the reality.
