What’s new: The source code for version 3 of the ERMAC Android banking trojan has been leaked online, revealing its malware-as-a-service platform and operator infrastructure. The leak includes the backend, frontend, exfiltration server, deployment configurations, and the trojan’s builder and obfuscator. ERMAC v3.0 significantly expands its targeting to over 700 banking, shopping, and cryptocurrency apps, and enhances its data theft and device control functionality.
Who’s affected
Users of more than 700 applications, including banking and cryptocurrency apps, are at risk due to the capabilities of ERMAC v3.0. The malware can steal sensitive information such as SMS, contacts, and Gmail messages, and can manipulate device functions.
What to do
- Review and enhance security measures for applications that may be targeted by ERMAC.
- Monitor for unusual activity or unauthorized access attempts on user accounts.
- Educate users about the risks of downloading apps from untrusted sources.
- Implement robust detection solutions to identify and mitigate threats from ERMAC and similar malware.