Cybersecurity experts have warned of a new Android malware capable of taking over a targeted endpoint and using it to steal data and personally identifiable information (PII), and to conduct financial transactions.
Researchers at security firm ThreatFabric discovered the malware, dubbed Hook, which can be purchased on the dark web.
In its report, the ThreatFabric team notes that Hook is essentially a banking Trojan. Code-wise, it appears to be quite similar to Ermac, another popular Trojan, and shares many features with that notorious malware. However, it has a few standout features, including the use of VNC (Virtual Network Computing) to take remote control of the mobile device. Hook also includes WebSocket connectivity and encrypts its traffic with AES-256-CBC using a static key.
Other notable features of Hook include performing specific swipe gestures, taking screenshots, simulating keystrokes, scrolling, and simulating a long-press event. The researchers also warned that the malware can act as a File Manager application, allowing its operators to list all files on the endpoint and extract any they deem of interest.
“With this feature, Hook joins the ranks of malware families capable of performing a full DTO, completing a complete fraud chain, from PII infiltration to transaction, with all intermediate steps, without the need for additional channels,” the team warns.
“This type of operation is difficult to detect with fraud logging engines, and is the main selling point for Android bankers.”
The silver lining, as is typical with Android devices, is that the user must grant the malware Accessibility Service permissions before it can reach its true potential. Those who do can also expect their location to be revealed, as Hook is also capable of abusing the “Access Precise Location” permission.
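One defender-side check that follows from this, as an added example not taken from the article or ThreatFabric's report: a POSIX shell audit of which packages currently hold the accessibility-service privilege on an Android device, read over adb when a device is attached. The allowlist and the fallback sample setting value are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article or the ThreatFabric report).
# Android records enabled accessibility services in the secure setting
# "enabled_accessibility_services" as a colon-separated list of
# package/ServiceClass component names ("null" when none are enabled).
# Android bankers such as Hook need this privilege, so unexpected
# entries are worth a closer look.

# Constructed allowlist of packages expected to run accessibility services.
ALLOWED_PACKAGES="com.google.android.marvin.talkback com.android.switchaccess"

# list_unexpected_services SETTING_VALUE
# Prints one line per enabled service whose package is not allowlisted.
# Returns 1 if any unexpected service was found, 0 otherwise.
list_unexpected_services() {
    [ "$1" = "null" ] && set -- ""
    old_ifs=$IFS
    IFS=':'
    set -- $1            # split the setting value on ':' into components
    IFS=$old_ifs
    found=0
    for component in "$@"; do
        [ -z "$component" ] && continue
        pkg=${component%%/*}   # package name is the part before '/'
        allowed=0
        for a in $ALLOWED_PACKAGES; do
            [ "$pkg" = "$a" ] && allowed=1
        done
        if [ "$allowed" -eq 0 ]; then
            echo "UNEXPECTED accessibility service: $component"
            found=1
        fi
    done
    return $found
}

# Use the live value when a device is attached over adb; otherwise fall
# back to a constructed sample whose second entry imitates a rogue app.
if command -v adb >/dev/null 2>&1 && adb get-state >/dev/null 2>&1; then
    setting=$(adb shell settings get secure enabled_accessibility_services | tr -d '\r')
else
    setting="com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.fakeupdate/.SysService"
fi
list_unexpected_services "$setting" || echo "Review the flagged packages above."
```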
The targets appear to be spread all over the world, with researchers finding hacked devices in the US, UK, Spain, Poland, Portugal, Italy, France, Canada, Australia and Turkey.
Via: BleepingComputer