ThreatFabric researchers have discovered the emergence of the new Hook Android malware created by BlackRock and ERMAC Android banking trojan DukeEugene, which has mostly been targeting financial apps in the U.S., Canada, France, Spain, Italy, Australia, and the U.K., reports The Hacker News.
Apart from having the capabilities of ERMAC, Hook also contains remote access tooling features that could allow complete device takeovers and fraud chains without having to resort to more channels, according to ThreatFabric.
Overlay attacks aimed at exfiltrating sensitive data are being conducted by the Hook malware by exploiting Android's Accessibility Services APIs. Hook, which is so far only in the testing phase but could be distributed through phishing and dropper apps in the Google Play Store, could also enable remote screen viewing and interactions with compromised devices, the report showed.
"The main drawback of creating a new malware is usually gaining enough trust by other actors, but with the status of DukeEugene among criminals, it is very likely that this will not be an issue for Hook," said ThreatFabric researcher Dario Durando.