ERMAC V3.0 Banking Trojan Source Code Leak Exposes Full Malware Infrastructure

What’s new: The source code for the ERMAC 3.0 banking trojan has been leaked, exposing its complete malware infrastructure. This version targets over 700 banking, shopping, and cryptocurrency applications, with improved form-injection (overlay) and data-theft capabilities. Key components include a backend C2 server, a frontend operator panel, an exfiltration server, and an Android backdoor. The leak also revealed critical weaknesses in the malware’s own infrastructure, such as hardcoded JWT secrets and default credentials.

Who’s affected

Organizations and individuals using banking, shopping, and cryptocurrency applications are at risk, particularly Android users of the applications ERMAC 3.0 targets. The malware is designed to steal credentials and other sensitive data entered into these applications.

What to do

  • Review and strengthen security controls for applications that may be targeted by ERMAC 3.0.
  • Implement monitoring for anomalous account activity and unusual banking or financial transactions.
  • Educate users about the risks of installing unverified applications and the importance of device security.

Sources