This dangerous, password-stealing malware spreads through bad apps



You must always be vigilant against online threats. For all the good that a connected society has brought to the world, there will always be criminals that ruin it for everyone.

And often, the criminals don’t stop developing their tricks or scams. So if one method is successful, you can be sure that it will get a few tweaks to make it even more dangerous. For example, the ERMAC banking Trojan targeted 378 applications a year ago.

Researchers have now discovered an updated version that can target more applications. Read on to see what makes this malware so dangerous and what you can do about it.

Here’s the backstory

A hacker showed up on cybercrime forums in 2021, renting out his ERMAC Trojan for $3,000 a month. The criminal claimed that it could target 378 applications and steal banking passwords, usernames, email addresses and wallet funds.

But the hacker has since tinkered with the code, as Cyble Research Labs found an upgraded version available for rent at $5,000 per month. It can now target 467 applications, stealing vast amounts of personal and banking information.

The origin of the ERMAC name is unclear. But in the hugely popular fighting video game franchise Mortal Kombat, Ermac is a red-clad ninja character that uses telekinesis during fights. His name comes from a diagnostics menu in the first game that displayed the text “error macro” as ERMACS.

ERMAC malware spreads through spoofed Android applications. Criminals slightly change the names of popular apps, hoping you won’t notice the difference and will download the malicious version. It can also spread through fake browser updates.

Here are some things the malicious apps can do when installed:

  • Automatically trigger phone calls to premium numbers.
  • Send, receive and read text messages.
  • Access contact details and telephone numbers.
  • Read and write to external storage.
  • Record audio.
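
On Android, each capability in the list above depends on permissions the app declares in its manifest, so a defender can check for them before installing or when triaging a sample. The following is an added example, not code from the article or from Cyble's research: it parses a decoded AndroidManifest.xml and reports which of the listed capabilities the app requests. The capability-to-permission mapping, the two sample manifests, the package names and the threshold of 4 are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Capability named in the article -> Android permissions that enable it
# (mapping is this example's assumption, not taken from the article).
CAPABILITIES = {
    "place phone calls": {"CALL_PHONE"},
    "send, receive and read SMS": {"SEND_SMS", "RECEIVE_SMS", "READ_SMS"},
    "access contacts": {"READ_CONTACTS"},
    "read/write external storage": {"READ_EXTERNAL_STORAGE",
                                    "WRITE_EXTERNAL_STORAGE"},
    "record audio": {"RECORD_AUDIO"},
}

def requested_permissions(manifest_xml):
    """Return the android.permission.* names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name", "")
            if name.startswith(PREFIX):
                perms.add(name[len(PREFIX):])
    return perms

def audit(manifest_xml):
    """Map each listed capability to the declared permissions that grant it."""
    perms = requested_permissions(manifest_xml)
    return {cap: sorted(perms & needed)
            for cap, needed in CAPABILITIES.items() if perms & needed}

def is_suspicious(manifest_xml, threshold=4):
    """Flag apps asking for most of the listed capabilities at once."""
    return len(audit(manifest_xml)) >= threshold

def _manifest(package, perms):
    # Builds a constructed sample manifest for the demo below.
    uses = "".join('<uses-permission android:name="%s%s"/>' % (PREFIX, p)
                   for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/'
            'android" package="%s">%s</manifest>' % (package, uses))

# Constructed samples: a fake "browser update" and an ordinary app.
FAKE_UPDATE = _manifest("com.example.browserupdate", [
    "INTERNET", "CALL_PHONE", "SEND_SMS", "RECEIVE_SMS", "READ_SMS",
    "READ_CONTACTS", "WRITE_EXTERNAL_STORAGE", "RECORD_AUDIO"])
ORDINARY = _manifest("com.example.weather", ["INTERNET", "ACCESS_COARSE_LOCATION"])

if __name__ == "__main__":
    for label, xml in (("fake update", FAKE_UPDATE), ("ordinary", ORDINARY)):
        print(label, is_suspicious(xml), audit(xml))
```

A decoded manifest can be obtained from an APK with a tool such as apktool; a real browser has little reason to request SMS, call and microphone access together.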

Cybercriminals can also steal credentials from crypto wallets and several international banking applications. Unfortunately, the list of malicious apps has not…