Android Trojan that gives hackers full access to a smartphone discovered
On the so-called dark web, cybercriminals are offering Android malware called Hook. It can remotely take control of mobile devices in real time using VNC (virtual network computing).
The new malware is being promoted by the creator of Ermac, an Android banking Trojan that sells for $5,000 a month and helps attackers steal credentials from more than 467 banking and cryptocurrency apps through fake login pages.
Although Hook's author claims that the new malware was written from scratch, ThreatFabric analysts say that Hook contains much of Ermac's code base, so it is still a banking Trojan.
As Bleeping Computer notes, despite its origins, Hook is an evolution of Ermac, offering a wide range of features that make it more dangerous for Android users.
One of Hook's new features compared to Ermac is communication via WebSocket, which comes in addition to the HTTP traffic that Ermac used exclusively. Network traffic is still encrypted using a hardcoded AES-256-CBC key.
The major addition, however, is a VNC module that allows attackers to interact with the user interface of a compromised device in real time.
This new system allows Hook operators to perform any action on the device, from leaking personal data to monetary transactions. The virus can take full control over a smartphone and unlock the gadget without the user's consent, take screenshots, imitate keystrokes, and much more.
In addition, the "File Manager" command allows the hacker to turn the malware into a file manager and gain access to all files stored on the device and their downloads.
Attackers can also access WhatsApp through Hook and use it to forward messages through the victim's account.
Hackers are also able to find out the exact location of their victim because they gain access to a geolocation tracking system.
Hook is currently distributed as a Google Chrome APK under the following package names:
- com.lojibiwawajinu.guna;
- com.damariwonomiwi.docebi;
- com.yecomevusaso.pisifo.
To avoid Android malware infection, the authors advise installing apps only from the Google Play Store or from trusted parties.
Users are also advised to update the Android version on their smartphone, as Hook's VNC requires access to the Accessibility Service, which is harder to obtain on devices running Android 11 or newer.
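A device triage check built on the two indicators above (the listed package names and the Accessibility Service requirement), as an added example that is not code from the article or from ThreatFabric. It assumes you have captured the output of `adb shell pm list packages -3` and `adb shell settings get secure enabled_accessibility_services`; the sample output and the allowlist entry are constructed.

```python
# Package names reported for Hook in the article above.
HOOK_PACKAGES = {
    "com.lojibiwawajinu.guna",
    "com.damariwonomiwi.docebi",
    "com.yecomevusaso.pisifo",
}

def parse_packages(pm_output):
    """Parse `pm list packages -3` output (lines such as 'package:com.x')."""
    return {line.split(":", 1)[1].strip()
            for line in pm_output.splitlines()
            if line.startswith("package:")}

def parse_accessibility(setting_value):
    """Parse enabled_accessibility_services: colon-separated
    'package/service' components, or 'null' when nothing is enabled."""
    value = setting_value.strip()
    if not value or value == "null":
        return {}
    services = {}
    for component in value.split(":"):
        pkg, _, svc = component.partition("/")
        if pkg:
            services.setdefault(pkg, []).append(svc)
    return services

def triage(pm_output, setting_value, allowlist=frozenset()):
    """Return (package, reason) pairs that deserve a closer look."""
    a11y = parse_accessibility(setting_value)
    findings = []
    for pkg in sorted(parse_packages(pm_output)):
        if pkg in HOOK_PACKAGES:
            findings.append((pkg, "package name reported for Hook"))
        elif pkg in a11y and pkg not in allowlist:
            findings.append((pkg, "third-party app with Accessibility Service enabled"))
    return findings

# Constructed sample output, not taken from a real device.
SAMPLE_PM = """package:com.example.notes
package:com.yecomevusaso.pisifo
package:com.example.screenreader
package:com.example.flashlight
"""
SAMPLE_A11Y = ("com.yecomevusaso.pisifo/.Svc:"
               "com.example.screenreader/com.example.screenreader.ReaderService:"
               "com.example.flashlight/.Helper\n")

if __name__ == "__main__":
    for pkg, reason in triage(SAMPLE_PM, SAMPLE_A11Y, {"com.example.screenreader"}):
        print(f"{pkg}: {reason}")
```

A clean result does not clear a device, since package names are easy for the malware author to change; the Accessibility Service finding is the more durable signal.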