What’s new
The source code for the ERMAC 3.0 banking trojan has been leaked, revealing its full malware infrastructure. This version targets over 700 banking, shopping, and cryptocurrency applications and has enhanced form injection and data theft capabilities. The leak includes the complete backend and frontend components, as well as the Android backdoor and builder tools. Critical vulnerabilities were identified in the leaked code, such as hardcoded JWT secrets and default credentials.
Who’s affected
Organizations and individuals using banking, shopping, and cryptocurrency applications on Android devices may be at risk due to the capabilities of ERMAC 3.0. The malware’s operators can manage compromised devices and access sensitive data.
What to do
- Monitor for unusual activity on banking and financial applications.
- Implement security measures to detect and block malware targeting Android devices.
- Review and secure application credentials and configurations to prevent unauthorized access.
- Educate users about the risks of downloading applications from untrusted sources.