Monday, August 25, 2025

The source code of a formidable Android malware has been disclosed

The full source code of Ermac, a formidable Android malware that appeared in 2021, has been uncovered by researchers. It is a blow for the malware, which specializes in stealing banking data, and for the cybercriminals who use it to carry out attacks.

While scanning the internet for poorly configured servers, researchers at Hunt.io discovered a publicly accessible file, with no password or restrictions, containing the source code of Ermac. First seen in 2021, the malware is designed to attack Android smartphones.

Once installed on the phone, the malware, whose code is largely based on the Cerberus malware, steals banking credentials, passwords, and the victim's personal data. To do so, it generally displays fake login pages on top of a bank's application. At the end of the attack, the hackers use the stolen data to drain the target's bank account. The malware was offered to would-be hackers through a "malware-as-a-service" (MaaS) subscription. By paying a monthly fee, any attacker could use the malware to support their activities and make money.


700 Android apps in Ermac's sights

On the server, the experts got their hands on the entire source code of the third version of Ermac. An archive, plainly named Ermac 3.0.zip, contained all the code needed to run the malware's infrastructure.

As the researchers discovered by going through the code, the third version of Ermac is designed to steal data from over 700 different applications, including many banking apps. Since its inception, the malware has considerably expanded its number of potential targets. The first iteration targeted only 378 applications.

Ermac's arsenal of features is also more complete than at its creation. According to the investigation carried out by Hunt.io, the malware is capable of stealing SMS messages, contacts and recorded account identifiers, reading emails in Gmail, downloading files, sending SMS messages and forwarding calls, taking photos with the camera, controlling applications, displaying fake notifications, and even to be detected. In short, it is formidable malware.


A blow for cybercriminals

The leak of Ermac's source code is a great victory for researchers over cybercriminals. With the malware's code in their possession, cybersecurity experts will be able to improve and refine their detection tools and antivirus software. As a result, attacks based on Ermac are more likely to be promptly detected and blocked. As explained by Hunt.io's report, “Our analysis of Ermac v3.0’s leak has highlighted technical details, operational flaws and still active infrastructure, which defenders can exploit to disrupt the current campaigns”.

In addition, the leak helps drive hackers away from the malware. Fearing that their information might fall into the hands of researchers and authorities, cybercriminals could give up using it. The profits generated by Ermac subscriptions are likely to dry up …


Source: Hunt.io

harper.quinn