ERMAC

Description

(Threatfabric) On July 23 a forum post appeared regarding a new Android banking trojan. The attached screenshots show that it is named ERMAC. Our investigation shows that ERMAC is almost fully based on the well-known banking trojan Cerberus, and is being operated by BlackRock actor(s).

Names

Name
ERMAC

Type

Banking trojan
Backdoor
Info stealer
Credential stealer
Botnet

Information

https://www.threatfabric.com/blogs/ermac-another-cerberus-reborn.html
https://blog.cyble.com/2022/05/25/ermac-back-in-action/
https://blog.cyble.com/2022/10/18/ermac-android-malware-increasingly-active/
https://www.threatfabric.com/blogs/hook-a-new-ermac-fork-with-rat-capabilities.html
https://research.nccgroup.com/2023/09/11/from-ermac-to-hook-investigating-the-technical-differences-between-two-android-malware-variants/
https://securityintelligence.com/posts/ermac-malware-the-other-side-of-the-code/

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/apk.ermac

Other Information

Uuid

f1a782ee-428e-4504-906d-bee5e81ca577

Last Card Change

2024-03-06

Threat Intelligence Garden

Explorer

ERMAC

ERMAC

Description

Names

Category

Type

Information

Malpedia

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks