
Hook Mobile Malware

Cybercriminals are now offering a new Android malware called 'Hook' that can take control of mobile devices in real time using VNC (Virtual Network Computing). Although the authors of Hook claim the new malware tool was written from scratch, researchers have found evidence to suggest otherwise.

Hook is being sold by the creator of Ermac, an Android banking Trojan that helps hackers collect credentials from over 450 financial and crypto applications. However, analysis of Hook has revealed that it contains most of Ermac's code base, making it a banking Trojan with additional features. Furthermore, cybersecurity researchers have noticed several unnecessary parts in Hook that are present in Ermac as well, further proving that there has been extensive code reuse between the two threats.

The Hook Mobile Malware Could Have a Global Reach

Users from all over the world could become victims of attacks using the Hook malware. The threatening tool targets banking applications from numerous countries - the United States, the UK, France, Spain, Canada, Turkey, Italy, Australia, Portugal, Singapore and many others. According to the currently available data, Hook is being distributed in the form of a Google Chrome APK. Among the identified package names are 'com.lojibiwawajinu.guna,' 'com.damariwonomiwi.docebi' and 'com.yecomevusaso.pisifo.'

The Hook Mobile Malware Offers an Expanded List of Harmful Actions

The Hook mobile malware is a new threat that has been developed to give threat actors the capability to manipulate the user interface of compromised devices in real time. It uses WebSocket communication and AES-256-CBC encryption for its network traffic. This is an improvement over Ermac, which uses HTTP traffic exclusively. Once activated, Hook can perform numerous new threatening actions on top of the capabilities already found in Ermac. The main addition is RAT (Remote Access Trojan) functionality, but Hook can also take screenshots, simulate clicks and key presses, unlock devices, set clipboard values, and track geolocation. It also includes a 'File Manager' command that allows operators to get a list of all files stored on the device, as well as the ability to download specific files. The threat has a specific WhatsApp command that logs messages and allows operators to send messages via the victim's account.

The Dangers Posed by Mobile Banking Trojans Like Hook

The consequences of an Android banking Trojan attack can be devastating. Banking Trojans are threatening mobile malware that are designed to collect sensitive financial data from unsuspecting victims. Once the corrupted code is installed on a device, it can monitor the users' activities and intercept communications between the users and their bank or other financial institutions. This allows attackers to gain access to accounts and transfer funds without the user's knowledge or consent.

The most immediate consequence of a banking Trojan attack is financial loss. Attackers may use collected credentials to make unauthorized purchases or transfers, resulting in significant losses for the victims. In addition, victims may also be subject to identity theft if their personal information is accessed by the attacker. Furthermore, attackers may use collected credentials to access additional accounts belonging to the victim, leading to further financial losses.

