New Android Banking Trojan Dubbed Ermac Spotted
In a new piece of malware nicknamed Ermac, the BlackRock cybercrime gang has taken inspiration from the popular banking trojan known as Cerberus.
The operators of the BlackRock mobile malware are behind a new Android banking trojan known as ERMAC that targets Poland and has its roots in the classic Cerberus malware, according to The Hacker News.
Since its first appearance, the trojan has been used in attacks against a wide range of apps, including video players, banking and delivery services, as well as government and antivirus software, and these campaigns have grown in frequency and scope.
ThreatFabric cybersecurity researchers stated, "The story of ERMAC shows one more time how malware source code leaks can lead not only to slow evaporation of the malware family but also bring new threats/actors to the threat landscape," [...] "Although it lacks some powerful features like RAT, it remains a threat for mobile banking users and financial institutions all over the world."
An actor named DukeEugene published forum posts last month, on August 17, offering to rent a new Android botnet with extensive functionality to a small circle of customers for $3,000 a month; the botnet is almost entirely based on the notorious banking trojan Cerberus.
DukeEugene is also known as the actor behind the BlackRock advertisement that first surfaced in July 2020. BlackRock's keylogger and information-stealing components come from another banking strain named Xerxes, which is itself a variant of the LokiBot Android banking trojan; the malware's source code was made public by its creator in May of this year.
Cerberus made one of its RATs available for free on a hacker forum
A remote access trojan (RAT) developed by Cerberus was released for free on underground hacker forums in September 2020, after an unsuccessful auction in which the creator sought $100,000.
Like its predecessor and other banking malware, ERMAC targets login credentials for a variety of financial apps, and it can also steal contact information and text messages and open arbitrary applications. It has also gained new features that let it wipe the device's cache and steal accounts stored on the device.