The ERMAC 2.0 threat is classified by cybersecurity researchers as an Android banking Trojan. The threat is being offered for sale to any interested cybercriminals on underground hacker forums. ERMAC 2.0's creators have priced the access to their harmful threat at $5000 per month. So far, the primary targets of attacks involving the threat have been Polish users.
The Trojan tries to disguise itself as the legitimate Bolt Food application. Once fully established on the Android device, ERMAC 2.0 can perform a wide range of intrusive actions. The malware can intercept, read, and send SMS messages, access incoming notifications or send fake ones, mute the sound on the device and lock the screen. Via ERMAC 2.0, the attackers can access victims' Gmail messages, view their contact lists, and list all installed applications. ERMAC 2.0's threatening abilities do not stop there. The Trojan can also make phone calls to certain numbers, forward incoming calls, and establish keylogging routines to capture sensitive data, such as account credentials, banking details, crypto-wallet passphrases and more.
To ensure its uninterrupted activities on the breached device, ERMAC 2.0 can kill over 130 anti-virus applications and battery optimizers. The threat can also hide its icon, disable the accessibility block, and stop victims from manually deleting it. The hackers can also instruct the malware to open links in the device's Web browser, clear the application data, and escalate its privileges to the rank of admin. The consequences for the victims of ERMAC could be devastating. The attackers may obtain enough information to take over any paid accounts, social media accounts, as well as digital wallets.
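For defenders, the capabilities listed above translate into a recognizable combination of Android permissions that a food-delivery application has no reason to hold together. The following triage sketch is an added example, not code from the researchers or from the malware. The capability-to-permission mapping, the inventory format (as might be exported from an MDM or manifest scan), the thresholds and the package names are all assumptions constructed for illustration.

```python
# Added example: this mapping is an assumption of the sketch, not a published
# list of the permissions ERMAC 2.0 requests.
P = "android.permission."
CAPABILITY_PERMISSIONS = {
    "sms": {P + "READ_SMS", P + "SEND_SMS", P + "RECEIVE_SMS"},
    "notifications": {P + "BIND_NOTIFICATION_LISTENER_SERVICE"},
    "accessibility": {P + "BIND_ACCESSIBILITY_SERVICE"},
    "device_admin": {P + "BIND_DEVICE_ADMIN"},
    "calls": {P + "CALL_PHONE"},
    "contacts": {P + "READ_CONTACTS"},
    "app_listing": {P + "QUERY_ALL_PACKAGES"},
    "kill_apps": {P + "KILL_BACKGROUND_PROCESSES"},
}
# Capabilities that enable keylogging or block uninstallation.
HIGH_RISK = {"accessibility", "device_admin"}

def capabilities(app):
    """Return the capability groups an app's manifest permissions cover."""
    perms = set(app.get("uses_permissions", []))
    # BIND_* permissions are declared on services/receivers, not uses-permission.
    perms |= set(app.get("component_permissions", []))
    return {cap for cap, wanted in CAPABILITY_PERMISSIONS.items() if perms & wanted}

def triage(inventory, min_caps=4):
    """Flag apps that combine a high-risk capability with many others."""
    findings = []
    for app in inventory:
        caps = capabilities(app)
        if len(caps) >= min_caps and caps & HIGH_RISK:
            findings.append((app["package"], app.get("installer"), sorted(caps)))
    # Apps not installed by Google Play sort first, then by breadth of access.
    return sorted(findings, key=lambda f: (f[1] == "com.android.vending", -len(f[2])))

# Constructed sample inventory; package names are hypothetical.
SAMPLE_INVENTORY = [
    {"package": "com.example.fooddelivery", "installer": None,
     "uses_permissions": [P + "READ_SMS", P + "SEND_SMS", P + "CALL_PHONE",
                          P + "READ_CONTACTS", P + "QUERY_ALL_PACKAGES",
                          P + "KILL_BACKGROUND_PROCESSES"],
     "component_permissions": [P + "BIND_ACCESSIBILITY_SERVICE",
                               P + "BIND_DEVICE_ADMIN",
                               P + "BIND_NOTIFICATION_LISTENER_SERVICE"]},
    {"package": "com.example.screenreader", "installer": "com.android.vending",
     "uses_permissions": [], "component_permissions": [P + "BIND_ACCESSIBILITY_SERVICE"]},
    {"package": "com.example.smsbackup", "installer": "com.android.vending",
     "uses_permissions": [P + "READ_SMS", P + "READ_CONTACTS"]},
]

if __name__ == "__main__":
    for package, installer, caps in triage(SAMPLE_INVENTORY):
        print(f"{package} (installer={installer}): {', '.join(caps)}")
```

A hit is a prompt for manual review rather than a verdict, since legitimate accessibility or device-management tools also hold some of these permissions.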