BleepingComputer reports that the ERMAC Android banking trojan has been updated to target 467 applications, up from 378, from which it could exfiltrate account credentials and cryptocurrency wallets.
ESET researchers discovered that a fraudulent Bolt Food application was the first to leverage the new ERMAC 2.0 malware, with the Android app deployed through a website spoofing the European food delivery service. Downloading the app triggers a permission request demanding total device control, which, when granted, enables the app to deceive users into entering sensitive data on fake forms. Aside from Bolt Food, ERMAC 2.0 has also been targeting banking apps around the world, as well as asset management apps and cryptocurrency wallets.
Meanwhile, ERMAC 2.0 has been found able to deliver an application list for injection downloads, send injection logs and device data, inspect and deliver application status, deliver updated bot parameters, and obtain the phishing page. A separate report from Cyble identified significant similarities between the updated ERMAC malware and the Cerberus malware.