Hook: New Android Banking Trojan That Expands on ERMAC’s Legacy

From thehackernews.com

A new analysis of the Android banking trojan known as Hook has revealed that it’s based on its predecessor called ERMAC.

“The ERMAC source code was used as a base for Hook,” NCC Group security researchers Joshua Kamp and Alberto Segura said in a technical analysis published last week.

“All commands (30 in total) that the malware operator can send to a device infected with ERMAC malware, also exist in Hook. The code implementation for these commands is nearly identical.”

Hook was first documented by ThreatFabric in January 2023, describing it as a “ERMAC fork” that’s offered for sale for $7,000 per month. Both the strains are the work of a malware author called DukeEugene.

Read more…