Date: 2021-09-28

According to a Dutch cybersecurity firm, Android malware that steals financial data is back.

The criminals behind BlackRock, a complex mobile malware, have returned with ERMAC, a more severe Android banking trojan. According to cybersecurity specialists, the spyware takes financial data from banking and wallet apps.

ThreatFabric, a Dutch cybersecurity organization, found the newly revealed Android virus. Threat actors are said to have launched ERMAC’s first big campaign in late August, in which the malware was disguised as Google Chrome.

ERMAC attacks have since spread to include banking apps, delivery services, government applications, media players, and even antivirus software like McAfee.

Hackers, according to experts, have their sights set on Poland.

ThreatFabric’s CEO Cengiz Han Sahin wrote in a blog post, “At the time of writing this blog, we notice ERMAC targeting Poland and being disseminated under the pretext of delivery service and government applications.”

ERMAC is almost entirely built on the infamous banking trojan Cerberus. Like its predecessor and other banking malware, ERMAC is designed to steal contact information and text messages.

It can also open arbitrary apps and perform overlay attacks on a wide range of financial apps to collect login credentials. The banking trojan also has tools that allow it to delete an app’s cache and steal accounts saved on the device.

“The ERMAC example demonstrates yet again how malware source code leaks can result in not just the slow evaporation of a malware family but also the introduction of new threats/actors to the threat landscape,” ThreatFabric warned.

“ERMAC introduces a couple of additional features due to its construction on Cerberus’ basement. Although it lacks some significant characteristics such as RAT, it poses a threat to mobile banking consumers and financial organizations around the world,” according to the cybersecurity firm.

ThreatFabric also published the list of ERMAC-targeted applications. Usługi Bankowe, WiZink, tu banco senZillo, Santander Argentina, Touch 24 Banking BCR, and Volksbank hausbanking are among the apps on it.

The list of ERMAC-targeted apps also includes My AMP, Bankwest, CommBiz, CUA Mobile Banking, HSBC Australia, ING Australia Banking, Macquarie Authenticator, Macquarie Mobile Banking, ME Bank, NAB Mobile Banking, NPBS Mobile Banking, myRAMS, Suncorp Bank, UBank Mobile Banking, CA Mobile, Tangerine Mobile Banking, and Bitcoin & Ripple Wallet.

At the time of writing, 378 banking and wallet apps had been identified as being targeted by the malware.