ERMAC Android Banking Trojan

ERMAC Android Banking Trojan Description

Cybersecurity researchers have uncovered a new Android Banking Trojan named ERMAC that is capable of targeting over 378 legitimate applications. The list of applications includes banking, media players, government applications, delivery services, and even security solutions, such as McAfee. So far, operations involving ERMAC appear to be focused on Polish users.

ERMAC is based on the infamous banking Trojan Cerberus. Back in September 2020, the source code of Cerberus was leaked on an underground forum after its creators failed to sell it at an auction seeking $100,000. ERMAC is also being offered for sale on hacker forums. According to the post, the mobile threat is available for rent at $3,000 a month.

Like most banking Trojans out there, ERMAC relies on overlay attacks to collect the victim's credentials and banking information. It also can collect contact information, intercept text messages, and launch arbitrary applications on the compromised device. ERMAC also possesses some uncommon functionalities, such as the ability to clear the cache of specific applications and access accounts stored on the breached system.