Researchers have shed light on a new hybrid malware campaign targeting both Android and Windows operating systems in a bid to broaden its pool of victims.
“This campaign resulted in thousands of victims,” the Dutch cybersecurity company said, adding, “Erbium stealer successfully exfiltrated data from more than 1,300 victims.”
What is an ERMAC infection?
The ERMAC infections commence with a fraudulent website that claims to offer Wi-Fi authorization software for Android and Windows that, when installed, comes with features to steal seed phrases from crypto wallets and other sensitive data.
ThreatFabric said it also found a number of malicious apps that were trojanized versions of legitimate apps like Instagram, with the operators using them as droppers to deliver the obfuscated malicious payload.
Interestingly, the download option for Windows on the booby-trapped website distributing ERMAC is designed to deploy the Erbium and Aurora information stealers on the compromised system.
Such zombie applications have been used to distribute Android banking trojans like SOVA and Xenomorph targeting customers in Spain, Portugal, and Canada, among others.
Erbium, which is a malware-as-a-service (MaaS) licensed for $1,000 per year, not only steals passwords and credit card information, but has also been observed acting as a conduit to drop the Laplas clipper that’s used to hijack crypto transactions.