ERMAC Android malware source code leak exposes banking trojan infrastructure
What’s new
The source code for version 3 of the ERMAC Android banking trojan has been leaked online, revealing its infrastructure and capabilities. The leak includes the malware’s backend, frontend, exfiltration server, and deployment configurations. ERMAC v3.0 significantly expands its targeting capabilities to over 700 banking, shopping, and cryptocurrency apps, up from 467 in v2.0. The malware features enhanced data theft methods, including SMS, contacts, and Gmail message extraction, as well as remote device control functionalities.
Who’s affected
Users of more than 700 applications, including banking and cryptocurrency platforms, are at risk due to the expanded targeting capabilities of ERMAC v3.0. Additionally, organizations relying on security measures against such malware may face increased risks due to the exposure of the malware’s source code.
What to do
- Review and enhance security measures for mobile applications, particularly those handling sensitive user information.
- Monitor for unusual activity related to user accounts and devices that may indicate compromise.
- Educate users about the risks of malware and encourage them to report suspicious activities.