Researchers Uncover Darknet Service Allowing Hackers to Trojanize Legit Android Apps


Researchers have shed light on a new hybrid malware campaign targeting both the Android and Windows operating systems in a bid to broaden its pool of victims.

“This campaign resulted in thousands of victims,” the Dutch cybersecurity company said, adding, “Erbium stealer successfully exfiltrated data from more than 1,300 victims.”

What is an ERMAC infection?

The ERMAC infections begin with a fraudulent website that claims to offer Wi-Fi authorization software for Android and Windows. Once installed, the software comes with features to steal seed phrases from crypto wallets and other sensitive data.

ThreatFabric said it also found a number of malicious apps that were trojanized versions of legitimate apps like Instagram, with the operators using them as droppers to deliver the obfuscated malicious payload.

Interestingly, the download option for Windows on the booby-trapped website distributing ERMAC is designed to deploy the Erbium and Aurora information stealers on the compromised system.

Dropper apps of this kind have been used to distribute Android banking trojans like SOVA and Xenomorph targeting users in Spain, Portugal, and Canada, among many others.

Erbium, which is a malware-as-a-service (MaaS) licensed for $1,000 per year, not only steals passwords and credit card information, but has also been observed acting as a conduit to drop the Laplas clipper that’s used to hijack crypto transactions.

IOCs

495a0621b2afc6adefbf17dc6c3cf5e92ba8227ac6939a20439b1b9dde878617
2de0f59fd03512e5527c8b8b19595483564ae54cd4904457c4f5bf127949019d
1032b42c859c747bcc159b75366c3325869d3722f5673d13a7b06633245ebf32
65619e3afe53268f5cbe5eae6a429f23e712c4412eda8c70dcfd3ebb25382894

URL

hxxp://185.215.113.42:3000/gate.php


About the Author:

FirstHackersNews- Identifies Security
