Android warning for BILLIONS as malware that STEALS your passwords is spotted growing ‘more dangerous’

A DANGEROUS new malware that targets Android devices has been uncovered by cybersecurity experts.

In 2021, researchers discovered a malware designated ERMAC that was attacking Android devices.

Now, cybersecurity experts from ESET have found that a new version of the Banking trojan – dubbed ERMAC 2.0 – is active.

The malware targets Android devices via 467 apps that steal users’ credentials and bank information.

ERMAC 2.0 does this by impersonating popular and genuine apps, according to cybersecurity experts.

Cyble Research Labs also found that threat actors can rent the malware for a hefty monthly fee of $5,000.

China starts 'cyber-espionage battle' on Russia with malware plot, report claims

Android warning over 'Joker' malware as users are told to delete seven apps NOW

ERMAC 1.0, which was discovered officially in August 2021, utilized 378 apps and was being rented for $3,000 a month.

“We have observed that the ERMAC 2.0 is being delivered through fake sites,” Cyble Labs noted in a blog post.

The experts added that EMRAC 2.0 also spreads through fake browser update sites.

How does it work?

Once someone installs ERMAC 2.0 via a fraudulent app, the malware requests as many as 43 permissions from their device.

Most read in Tech

These permissions, if granted, may enable the bad actors to take full control of a victim’s device.

Other permissions can get the hackers SMS access, contact access, system alert window creation, audio recording, or full storage read and write access.

Certain permissions can also create a list of apps installed on the victim’s device and share that data with the hacker’s C2 server, according to Tech Radar.

This can result in a complex phishing scheme that harvests the user’s data whenever they try to log onto the affected app.

Some phishing pages being used to trick the victims include banking applications such as Japan’s bitbank, India’s IDBI Bank, Australia’s Greater Bank, and Boston-based Santander Bank, per Phone Arena.